Notifying entities of relevant events removing private information

ABSTRACT

The present invention extends to systems and methods for notifying entities of relevant events removing private information. A privacy infrastructure can apply data privacy operations to user information prior to, during, or after any of signal ingestion, event detection, or event notification. An entity defines a rule formula that is triggered when one or more detected events match the rule formula, including defining one or more event types and one or more location types. One or more events are detected. User information is detected in one of the events. The privacy infrastructure applies a data privacy operation on the user information. It is determined that the one or more events satisfy the rule formula subsequent to applying the data privacy operation.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 16/850,172, entitled “NOTIFYING ENTITIES OF RELEVANT EVENTS REMOVING PRIVATE INFORMATION,” filed Apr. 16, 2020, which is herein incorporated by reference in its entirety. That application is a continuation in part of U.S. patent application Ser. No. 16/751,105, entitled “NOTIFYING ENTITIES OF RELEVANT EVENTS,” filed Jan. 23, 2020, which is herein incorporated by reference in its entirety. That Application is a continuation of U.S. patent application Ser. No. 16/536,452, now U.S. Pat. No. 10,585,724, entitled “NOTIFYING ENTITIES OF RELEVANT EVENTS,” filed Aug. 9, 2019, which is incorporated herein in its entirety. That Application is a continuation in part of U.S. patent application Ser. No. 16/353,212, now U.S. Pat. No. 10,423,688, entitled “NOTIFYING ENTITIES OF RELEVANT EVENTS,” filed Mar. 14, 2019, which is incorporated herein in its entirety.

U.S. patent application Ser. No. 16/353,212 claims the benefit of U.S. Provisional Patent Application Ser. No. 62/657,695, entitled “Event Identification And Notification Based On Entity Selected Event Notification Preferences,” filed Apr. 13, 2018, which is incorporated herein in its entirety. U.S. patent application Ser. No. 16/353,212 claims the benefit of U.S. Provisional Patent Application Ser. No. 62/657,705, entitled “Pushing Event Notifications Based On Current or Predicted Entity Location,” filed Apr. 13, 2018, which is incorporated herein in its entirety. U.S. patent application Ser. No. 16/353,212 claims the benefit of U.S. Provisional Patent Application Ser. No. 62/660,934, entitled “Event Identification And Notification Based On Entity Selected Event Notification Preferences,” filed Apr. 20, 2018, which is incorporated herein in its entirety. U.S. patent application Ser. No. 16/353,212 claims the benefit of U.S. Provisional Patent Application Ser. No. 62/660,924, entitled “Pushing Event Notifications Based On Current or Predicted Entity Location,” filed Apr. 20, 2018, which is incorporated herein in its entirety. U.S. patent application Ser. No. 16/353,212 claims the benefit of U.S. Provisional Patent Application Ser. No. 62/660,929, entitled “Determining Event Truthfulness From Multiple Input Signals,” filed Apr. 20, 2018, which is incorporated herein in its entirety. U.S. patent application Ser. No. 16/353,212 claims the benefit of U.S. Provisional Patent Application Ser. No. 62/664,001, entitled “Normalizing Different Types Of Ingested Signals Into A Common Format,” filed Apr. 27, 2018, which is incorporated herein in its entirety. U.S. patent application Ser. No. 16/353,212 claims the benefit of U.S. Provisional Patent Application Ser. No. 62/667,616, entitled “Normalizing Different Types Of Ingested Signals Into A Common Format,” filed May 7, 2018, which is incorporated herein in its entirety. U.S. patent application Ser. No. 16/353,212 claims the benefit of U.S. Provisional Patent Application Ser. No. 62/669,540, entitled “Determining Event Severity From Multiple Input Signals,” filed May 10, 2018, which is incorporated herein in its entirety. U.S. patent application Ser. No. 16/353,212 claims the benefit of U.S. Provisional Patent Application Ser. No. 62/686,791 entitled, “Normalizing Signals,” filed Jun. 19, 2018, which is incorporated herein in its entirety.

U.S. patent application Ser. No. 16/850,172 application claims the benefit of U.S. Provisional Patent Application Ser. No. 62/859,941 entitled “CUSTOMIZING EVENT NOTIFICATIONS,” filed Jun. 11, 2019, which is incorporated herein in its entirety, each of which is incorporated herein in its entirety.

BACKGROUND

1. Background and Relevant Art

Entities (e.g., parents, guardians, friends, relatives, teachers, social workers, first responders, hospitals, delivery services, media outlets, government entities, etc.) may desire to be made aware of relevant events (e.g., fires, accidents, police presence, shootings, etc.) as close as possible to the events' occurrence. However, entities typically are not made aware of an event until after a person observes the event (or the event aftermath) and calls authorities.

Some techniques to automate event detection have been attempted. However, in general, automated event detection techniques are unreliable. Some techniques attempt to mine social media data to detect events and forecast when events might occur. However, events can occur without prior planning and/or may not be detectable using social media data. Further, these techniques are not capable of meaningfully processing available data nor are these techniques capable of differentiating false data (e.g., hoax social media posts).

Further, data provided to computer systems can come from any number of different sources, such as, for example, user input, files, databases, applications, sensors, social media systems, cameras, emergency communications, etc. In some environments, computer systems receive (potentially large volumes of) data from a variety of different domains and/or verticals in a variety of different formats. When data is received from different sources and/or in different formats, it can be difficult to efficiently and effectively derive intelligence from the data.

Extract, transform, and load (ETL) refers to a technique that extracts data from data sources, transforms the data to fit operational needs, and loads the data into an end target. ETL systems can be used to integrate data from multiple varied sources, such as, for example, from different vendors, hosted on different computer systems, etc.

ETL is essentially an extract and then store process. Prior to implementing an ETL solution, a user defines what (e.g., subset of) data is to be extracted from a data source and a schema of how the extracted data is to be stored. During the ETL process, the defined (e.g., subset of) data is extracted, transformed to the form of the schema (i.e., schema is used on write), and loaded into a data store. To access different data from the data source, the user has to redefine what data is to be extracted. To change how data is stored, the user has to define a new schema.

ETL is beneficial because it allows a user to access a desired portion of data in a desired format. However, ETL can be cumbersome as data needs evolve. Each change to the extracted data and/or the data storage results in the ETL process having to be restarted. As such, ETL is marginally practical, at best, for automated event detection. When using ETL, measures can be taken to reduce the possibility of introducing errors or inconsistencies into event detection and notification processes. However, inevitably errors and/or inconsistencies occur at least from time to time.

Unfortunately, many events are related to human suffering and possibly even human death, such as, for example, accidents, shootings, natural disasters, etc. Entities being notified of such events (e.g., drivers, first responders, disaster relief organizations, etc.) attempt to tailor their response based on circumstances of an event. Thus, entities can rely on event notification when allocating and expending resources. Errors or inconsistencies in event detection and notification may cause entities to respond inappropriately (insufficiently), waste resources, etc.

BRIEF SUMMARY

Examples extend to methods, systems, and computer program products for notifying entities of relevant events removing private information.

A privacy infrastructure spans other modules used for signal ingestion, event detection, and event notification. The privacy infrastructure can apply data privacy operations to user information in any of raw signals, normalized signals, events, or event notifications prior to, during, or after any of signal ingestion, event detection, or event notification.

An indication of a location type, a boundary geometry, a user event truthfulness preference, a first event type, and a second event type are received. An indication of an area including a first location of the location type and a second location of the location type are received. The location type, the boundary geometry, the area, the user event truthfulness preference, the first event type, and the second event type are combined into a rule formula.

The area is monitored for events occurring within a first boundary surrounding the first location or occurring within a second boundary surrounding the second location, the first boundary and the second boundary defined in accordance with the boundary geometry. First event characteristics including a first event type and a first event truthfulness corresponding to a first detected event are accessed. User information contained within the first event characteristics is identified. A data privacy operation is applied to the user information.

Second event characteristics including a second event type and a second event truthfulness corresponding to a second detected event are accessed. It is determined that a combination of the first characteristics and the second characteristics satisfy the rule formula subsequent to applying the data privacy operation. The determination includes determining that the first event type and the second event type occurred in combination within the first boundary and that the first event truthfulness and the second event truthfulness both satisfy the user event truthfulness preference. An entity is automatically electronically notified in accordance with notification preferences that the rule formula was satisfied.

In one aspect, other user information contained within the second event characteristics is identified. Another data privacy operation is applied to the other user information. It is determined that the combination of the first characteristics and the second characteristics satisfy the rule formula subsequent to applying the other data privacy operation.

In general, user information can include confidential information, patient information, personally identifiable information (PII), personal health information (PHI), sensitive personal information (SPI), Payment Card Industry information (PCI), or other private information. Data privacy operations can include removing user information (e.g., stripping, scrubbing, etc.), obscuring user information, anonymizing user information, encrypting user information, segregating user information, or applying access controls.
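The flow summarized above (identify user information in event characteristics, apply a data privacy operation, then test the rule formula) can be sketched as follows. This is an added example, not code from the patent; the field names, the circular boundary geometry, the coordinates and the sample events are all constructed assumptions.

```python
import math
import re
from dataclasses import dataclass

# Hypothetical field names treated as user information (assumption for this example).
USER_INFO_FIELDS = {"caller_name", "caller_phone", "account_id"}
# Constructed pattern: phone numbers embedded in free text. Names in free text
# would need entity recognition, which this example does not attempt.
PHONE_RE = re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b")


def scrub(event: dict) -> dict:
    """Data privacy operation: return a copy of the event with user information removed."""
    clean = {k: v for k, v in event.items() if k not in USER_INFO_FIELDS}
    clean["description"] = PHONE_RE.sub("[REDACTED]", clean.get("description", ""))
    return clean


def distance_m(a: tuple, b: tuple) -> float:
    """Great-circle (haversine) distance in meters between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6_371_000 * math.asin(math.sqrt(h))


@dataclass
class RuleFormula:
    location_type: str
    locations: dict          # name -> (lat, lon): locations of location_type in the area
    radius_m: float          # boundary geometry: a circle around each location
    min_truthfulness: float  # user event truthfulness preference
    first_event_type: str
    second_event_type: str

    def satisfied_at(self, first: dict, second: dict):
        """Return the location whose boundary contains both events, else None."""
        if (first["type"], second["type"]) != (self.first_event_type, self.second_event_type):
            return None
        if min(first["truthfulness"], second["truthfulness"]) < self.min_truthfulness:
            return None
        for name, center in self.locations.items():
            if all(distance_m(center, e["location"]) <= self.radius_m for e in (first, second)):
                return name
        return None


def evaluate(rule: RuleFormula, first_raw: dict, second_raw: dict):
    """Scrub both events first, then test the rule; return a notification or None."""
    first, second = scrub(first_raw), scrub(second_raw)
    where = rule.satisfied_at(first, second)
    if where is None:
        return None
    # The notification is built only from scrubbed characteristics.
    return {"location_type": rule.location_type, "location": where, "events": [first, second]}


# Constructed sample data (not real incidents, people or accounts).
RULE = RuleFormula(
    location_type="school",
    locations={"Lincoln Elementary": (40.7600, -111.8900), "Hillside Middle": (40.8000, -111.9000)},
    radius_m=500.0, min_truthfulness=0.8,
    first_event_type="fire", second_event_type="police_presence",
)
FIRE = {"type": "fire", "truthfulness": 0.92, "location": (40.7610, -111.8900),
        "description": "Smoke reported from gym roof; callback 801-555-0142",
        "caller_name": "Jane Doe", "caller_phone": "801-555-0142"}
POLICE = {"type": "police_presence", "truthfulness": 0.85, "location": (40.7600, -111.8920),
          "description": "Two units on scene", "account_id": "@constructed_handle"}

if __name__ == "__main__":
    print(evaluate(RULE, FIRE, POLICE))
```

The rule depends only on event type, truthfulness and location, so the match outcome is the same before and after scrubbing, while the notification carries none of the removed fields.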

This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.

Additional features and advantages will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice. The features and advantages may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other features and advantages will become more fully apparent from the following description and appended claims, or may be learned by practice as set forth hereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to describe the manner in which the above-recited and other advantages and features can be obtained, a more particular description will be rendered by reference to specific implementations thereof which are illustrated in the appended drawings. Understanding that these drawings depict only some implementations and are not therefore to be considered to be limiting of its scope, implementations will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:

FIG. 1A illustrates an example computer architecture that facilitates normalizing ingesting signals.

FIG. 1B illustrates an example computer architecture that facilitates detecting events from normalized signals.

FIG. 1C illustrates the example computer architecture of FIG. 1B and includes a privacy infrastructure.

FIG. 2 illustrates a flow chart of an example method for normalizing ingested signals.

FIGS. 3A, 3B, and 3C illustrate other example components that can be included in signal ingestion modules.

FIG. 4 illustrates a flow chart of an example method for normalizing an ingested signal including time information, location information, and context information.

FIG. 5 illustrates a flow chart of an example method for normalizing an ingested signal including time information and location information.

FIG. 6 illustrates a flow chart of an example method for normalizing an ingested signal including time information.

FIG. 7 illustrates a more detailed view of truthfulness determination module.

FIG. 8 illustrates a flow chart of an example method for determining event truthfulness.

FIG. 9 illustrates a more detailed view of severity determination module.

FIG. 10 illustrates a flow chart of an example method for determining event severity.

FIGS. 11A-1 and 11A-2 illustrate a computer architecture that facilitates identifying relevant events and notifying entities of relevant events.

FIG. 11B illustrates a computer architecture that facilitates identifying relevant events and notifying entities of relevant events.

FIG. 12A illustrates a flow chart of an example method for identifying relevant events and notifying entities of relevant events.

FIG. 12B illustrates a flow chart of an example method for identifying relevant events and notifying entities of relevant events.

FIG. 13 illustrates a computer architecture that facilitates notifying of an event at or near the current location of an entity.

FIG. 14 illustrates a computer architecture that facilitates notifying of an event at or near a predicted future location of an entity.

FIG. 15 depicts an example user interface that facilitates selecting event notification preferences.

FIG. 16 illustrates a computer architecture that facilitates predicting event impact and notifying relevant entities.

FIG. 17 illustrates a flow chart of an example method for predicting event impact and notifying relevant entities.

FIG. 18 illustrates a user interface element for viewing a user generated rule configuration.

FIGS. 19A and 19B illustrate user interfaces for modifying a user generated rule configuration.

FIGS. 20A through 20I illustrate a wizard for user generated rule configuration.

FIG. 21 illustrates a user interface for viewing user generated rules.

FIG. 22 illustrates an embodiment for receiving event notifications as a mobile device.

FIG. 23 illustrates a user interface for generating whether related rule configurations.

FIG. 24 illustrates a user interface for providing logic configurations for connecting event types in a user generated rule configuration system.

FIGS. 25 and 26 illustrate an app interface for user notification and exploration of triggered events.

FIG. 27A illustrates an example computer architecture that facilitates normalizing ingesting signals and generating event notifications based on user generated rules.

FIG. 27B illustrates the example computer architecture of FIG. 27A and includes a privacy infrastructure.

FIG. 28 depicts an example computer architecture for analyzing normalized events against user generated rules.

FIGS. 29A through 29E depict an embodiment for processing, tracking, and determining rule condition components from disparate events across a time window.

FIG. 30 depicts a method for generating notifications based on user generated rules according to an embodiment.

DETAILED DESCRIPTION

Examples extend to methods, systems, and computer program products for????

Entities (e.g., parents, other family members, guardians, friends, teachers, social workers, first responders, hospitals, delivery services, media outlets, government entities, security personnel, etc.) may desire to be made aware of relevant events as close as possible to the events' occurrence (i.e., as close as possible to “moment zero”). Different types of ingested signals (e.g., social media signals, web signals, and streaming signals) can be used to detect events. Event relevancy can be determined from entity selectable notification preferences including but not limited to event categories, event location, a computed event truth, a computed event severity, event impact, etc. Entities can also select notification preferences indicating a minimal notification delay. The minimal notification delay defines a minimum time after a relevant event is detected that an entity desires notification of the relevant event.

In general, signal ingestion modules ingest different types of raw structured and/or raw unstructured signals on an ongoing basis. Different types of signals can include different data media types and different data formats. Data media types can include audio, video, image, and text. Different formats can include text in XML, text in JavaScript Object Notation (JSON), text in RSS feed, plain text, video stream in Dynamic Adaptive Streaming over HTTP (DASH), video stream in HTTP Live Streaming (HLS), video stream in Real-Time Messaging Protocol (RTMP), other Multipurpose Internet Mail Extensions (MIME) types, etc. Handling different types and formats of data introduces inefficiencies into subsequent event detection processes, including when determining if different signals relate to the same event.

Accordingly, the signal ingestion modules can normalize raw signals across multiple data dimensions to form normalized signals. Each dimension can be a scalar value or a vector of values. In one aspect, raw signals are normalized into normalized signals having Time, Location, Context (or “TLC”) dimensions.

A Time (T) dimension can include a time of origin or alternatively an “event time” of a signal. A Location (L) dimension can include a location anywhere across a geographic area, such as, a country (e.g., the United States), a State, a defined area, an impacted area, an area defined by a geo cell, an address, etc.

A Context (C) dimension indicates circumstances surrounding formation/origination of a raw signal in terms that facilitate understanding and assessment of the raw signal. The Context (C) dimension of a raw signal can be derived from express as well as inferred signal features of the raw signal.

Signal ingestion modules can include one or more single source classifiers. A single source classifier can compute a single source probability for a raw signal from features of the raw signal. A single source probability can reflect a mathematical probability or approximation of a mathematical probability (e.g., a percentage between 0%-100%) of an event actually occurring. A single source classifier can be configured to compute a single source probability for a single event type or to compute a single source probability for each of a plurality of different event types. A single source classifier can compute a single source probability using artificial intelligence, machine learning, neural networks, logic, heuristics, etc.

As such, single source probabilities and corresponding probability details can represent a Context (C) dimension. Probability details can indicate (e.g., can include a hash field indicating) a probabilistic model and (express and/or inferred) signal features considered in a signal source probability calculation.

Thus, per signal type, signal ingestion modules determine Time (T), Location (L), and Context (C) dimensions associated with a signal. Different ingestion modules can be utilized/tailored to determine T, L, and C dimensions associated with different signal types. Normalized (or “TLC”) signals can be forwarded to an event detection infrastructure. When signals are normalized across common dimensions, subsequent event detection is more efficient and more effective.

Normalization of ingestion signals can include dimensionality reduction. Generally, “transdimensionality” transformations can be structured and defined in a “TLC” dimensional model. Signal ingestion modules can apply the “transdimensionality” transformations to generic source data in raw signals to re-encode the source data into normalized data having lower dimensionality. Dimensionality reduction can include reducing dimensionality (e.g., hundreds, thousands, or even more signal features (dimensions)) of a raw signal into a normalized signal including a T vector, an L vector, and a C vector. At lower dimensionality, the complexity of measuring “distances” between dimensional vectors across different normalized signals is reduced.

Concurrently with signal ingestion, an event detection infrastructure considers features of different combinations of normalized signals to attempt to identify events. For example, the event detection infrastructure can determine that features of multiple different normalized signals collectively indicate an event. Alternately, the event detection infrastructure can determine that features of one or more normalized signals indicate a possible event. The event detection infrastructure then determines that features of one or more other normalized signals validate the possible event. Signal features can include: signal type, signal source, signal content, Time (T) dimension, Location (L) dimension, Context (C) dimension, other circumstances of signal creation, etc.

The event detection infrastructure can send detected events to an event relevancy module. The event relevancy module can compare event characteristics to entity selected notification preferences. Based on the comparisons, the event relevancy module can determine a detected event is relevant to one or more entities. Relevant events can be forwarded to an event notification module along with entity identifiers for the one or more entities. The event notification module can use the entity identifiers to notify the one or more entities of the relevant event.

In one aspect, an entity identifier includes information for communicating with an entity, such as, for example, an email address, mobile telephone number, social media name, etc. In another aspect, an entity identifier is specific to the event relevancy module. Upon receiving an entity identifier, the event notification module refers to a database, list, mapping table, etc. that matches entity identifiers to corresponding information for communicating with an entity.

The event notification module notifies the one or more entities that the relevant event occurred and/or is occurring in accordance with entity notification preferences. The event notification module can use one or more communication mechanisms, such as, for example, email, text, social media direct message, etc., to attempt to notify an entity of a relevant event. In one aspect, an entity is notified of a relevant event within a period of time less than a selected minimal notification delay.

In some aspects, raw signals (or portions thereof), normalized signals (or portions thereof), events (or portions thereof), or event notifications (or portions thereof) may include information (private information, user information, etc.) deemed inappropriate for further propagation. A privacy infrastructure can span other modules used for signal ingestion, signal normalization, event detection, and event notification. The privacy infrastructure can use various data privacy operations to prevent other modules from inappropriately propagating information. For example, the privacy infrastructure can remove or otherwise (temporarily or permanently) obscure information in any of: raw signals, normalized signals, events, or event notifications prior to, during, or after any of: signal ingestion, event detection, or event notification.

Thus, signals, including raw signals and/or normalized signals, may include information deemed inappropriate for propagation. Similarly, detected events and event notifications may include information deemed inappropriate for propagation. The privacy infrastructure can apply data privacy operations to prevent the information from being inappropriately propagated prior to, during, or after event detection. Information deemed inappropriate for propagation can include: confidential information, patient information, personally identifiable information (PII), personal health information (PHI), sensitive personal information (SPI), Payment Card Industry information (PCI), or other private information, etc. (collectively, “user information”). Preventing propagation of user information can include removing (e.g., scrubbing or stripping) the user information from ingested signals. Removal of user information prior to event detection allows events to be detected while significantly increasing the privacy of any entities (e.g., individuals, businesses, etc.) referenced within the user information.

More specifically, for example, user information can include one or more portions of data that when considered individually or in the aggregate relate to the identity of a natural person or can be used to identify a natural person. Alternately, user information can be any information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context, including but not limited to: name, first name, last name, home address (or portions thereof), email address, national identification number, passport number, vehicle registration plate, driver's license, face, fingerprints, handwriting, credit card numbers, digital identity, date of birth, birthplace, login name, social media identifier, mobile telephone number, nickname, age, gender, employer, school name, criminal record, job position, etc.

Data scrubbing or stripping can include the removal or permanent destruction of certain information. As compared to data anonymization (another type of data privacy operation)—which may involve complex methods of obfuscation—data scrubbing eliminates information from the system. That is, scrubbed data is not merely aggregated in a manner that delinks it from other data, rather, scrubbed data is permanently eliminated.

A signal source may include user information in a raw signal when the raw signal is generated. During normalization, user information included in a raw signal may be retained in a corresponding normalized signal. During event detection, user information in one or more normalized signals can be retained in a detected event. During event notification, user information included in a detected event can be retained in an event notification.

As such, and when appropriate, the privacy infrastructure can be configured to actively attempt to identify user information in one or more of: ingested raw signals, normalized signals, detected events, or notifications. For example, the privacy infrastructure can parse one or more of: (attributes/characteristics of) an ingested raw signal (including signal content), (attributes/characteristics of) a normalized signal (including signal content), (attributes/characteristics of) a detected event, or (attributes/characteristics of) an event notification, searching for user information, such as, names, birthdates, physical characteristics, etc. When appropriate, the privacy infrastructure can also actively attempt to identify user information in any intermediate data structures utilized during signal ingestion, signal normalization, event detection, notification, etc. The privacy infrastructure can apply data privacy operations to/on (e.g. scrubbing or otherwise removing) any identified user information in raw signals, normalized signals, events, and event notification, as well as identified user information in intermediate data structures utilized during signal ingestion, signal normalization, event detection, or notification. For example, the privacy infrastructure can identify and scrub PII included in a Computer Aided Dispatch (CAD) signal prior to utilizing the CAD signal for event detection.

In one aspect, user information is included in metadata within an ingested raw signal. The privacy infrastructure can apply data privacy operations (e.g., scrubbing) to the metadata prior to event detection and/or storage of the raw signal. For example, the privacy infrastructure can remove associated account information from a social media post. The privacy infrastructure can also scrub (or otherwise remove) geocoded information included in an ingested raw signal metadata.

Certain types of data may be inherently personal but are also used for event detection. For example, in an emergency situation involving a suspected perpetrator, it may be appropriate (and even beneficial) to propagate identifying physical characteristics (or other user information) included in a signal to law enforcement. The physical characteristics (or other user information) may remain with the signal but the signal may be tagged to indicate the presence of the physical characteristics. The privacy infrastructure may apply various data privacy operations on signals tagged as including user information. Data privacy operations can include segregating the tagged signal from other signals, applying encryption (or higher encryption) to the tagged signal, applying access controls (e.g., user-based, entity-based, purpose-based, time-based, warrant-based, etc.) to the tagged signal, or otherwise implementing rules regarding activities that are authorized/appropriate for the tagged signal.

The privacy infrastructure can apply data privacy operations to remove (or otherwise obscure) user information in accordance with one or more of: time-domain, expiry, or relevance-based rules. In one aspect, some user information may be appropriate to retain for a (e.g., relatively short) period of time. However, after the period of time, retention of the user information is no longer appropriate. The privacy infrastructure can implement a time based rule to remove (or otherwise obscure) the user information when the time period expires. For example, in a healthcare setting, it may be appropriate to know the identity of a person who tests positive for a communicable disease during the time in which the disease is communicable to others. However, once the person is no longer contagious, the identity loses relevance, and the privacy infrastructure can scrub the identity while maintaining other, non-user-identifiable information about the case.

In another aspect, the privacy infrastructure can retain information on a rolling window of time, for example 24 hours. For example, an access log for a resource (e.g., a building, a file, a computer, etc.) may be retained for a set period of time. Once the period of time has expired for a specific record, user information may be scrubbed from the access record while maintaining non-identifiable information (e.g., an indication that the resource was accessed).

In a further aspect, the privacy infrastructure can obscure user information at multiple layers to further protect a user's privacy even during a period of time in which their user information is retained. For example, a data provider may hide, modify, encrypt, hash, or otherwise obscure user information prior to transfer into a system. The event detection algorithms previously described may be employed to identify similarities among signal characteristics even when the data within the signals has been arbitrarily assigned. That is, event detection may still be possible based on a uniform obfuscation of data prior to ingestion within the system. In this way, user data within the event detection system may not be traceable back to a user without also having access to the entirely separate system operated by the entity providing the signal. This may improve user privacy.

To further improve user privacy, the privacy infrastructure can combine receiving pre-obscured data from a signal provider with a process of applying an additional local obfuscation. For example, a signal source may provide only a hashed version of a user identifier to the signal ingestion system. The hashed version of the user identifier may be hashed according to a method unknown to the signal ingestion system (e.g., a private key, salt, or the like). Upon receipt, the privacy infrastructure may apply an additional obfuscation (e.g., a second private key, salt, or the like) to the received data using a method unknown to the signal provider. As described, the privacy infrastructure may then scrub, cancel, or delete any connection between the received data (already obfuscated), and the secondary local modification according to time-window, expiry, relevance, etc., rules.
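
The layered obfuscation and rolling-window scrub described in the preceding paragraphs can be sketched as follows. This is an added example, not code from the patent; HMAC-SHA256 stands in for "a private key, salt, or the like", and the class names, record fields, and sample access-log entries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional


def keyed_hash(key: bytes, value: str) -> str:
    """HMAC-SHA256: one way to hash with a key the other party never sees."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


class SignalProvider:
    """Hypothetical data provider that obscures user identifiers before transfer."""

    def __init__(self, key: Optional[bytes] = None):
        self._key = key or secrets.token_bytes(32)  # unknown to the ingestion system

    def emit(self, user_id: str, resource: str, ts: int) -> dict:
        return {"user": keyed_hash(self._key, user_id), "resource": resource, "ts": ts}


class PrivacyInfrastructure:
    """Hypothetical ingestion side: second, local obfuscation plus a time-based scrub."""

    def __init__(self, window_seconds: int, key: Optional[bytes] = None):
        self._key = key or secrets.token_bytes(32)  # unknown to the signal provider
        self.window = window_seconds
        self.records: List[dict] = []

    def ingest(self, signal: dict) -> None:
        record = dict(signal)  # leave the caller's copy untouched
        # Only the doubly obscured token is stored; the provider's token is not kept.
        record["user"] = keyed_hash(self._key, signal["user"])
        self.records.append(record)

    def correlated(self) -> Dict[str, List[str]]:
        """Group resources by token: uniform obfuscation still allows correlation."""
        groups: Dict[str, List[str]] = {}
        for record in self.records:
            if record["user"] is not None:
                groups.setdefault(record["user"], []).append(record["resource"])
        return groups

    def scrub_expired(self, now: int) -> int:
        """Remove the user token from records older than the window; keep the rest."""
        scrubbed = 0
        for record in self.records:
            if record["user"] is not None and now - record["ts"] >= self.window:
                record["user"] = None  # the access itself remains on record
                scrubbed += 1
        return scrubbed


def demo():
    provider = SignalProvider()
    privacy = PrivacyInfrastructure(window_seconds=24 * 3600)
    # Constructed access-log signals: (user, resource, timestamp in seconds).
    sample = [("alice", "door-3", 0), ("alice", "file-7", 3600), ("bob", "door-3", 80000)]
    for user, resource, ts in sample:
        privacy.ingest(provider.emit(user, resource, ts))
    before = privacy.correlated()
    scrubbed = privacy.scrub_expired(now=90000)
    return before, scrubbed, privacy.records


if __name__ == "__main__":
    groups, count, records = demo()
    print(len(groups), "distinct tokens;", count, "records scrubbed")
    for record in records:
        print(record)
```

Neither party alone can map a stored token back to a user: the provider lacks the local key and the ingestion system lacks the provider key.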

Implementations can comprise or utilize a special purpose or general-purpose computer including computer hardware, such as, for example, one or more computer and/or hardware processors (including any of Central Processing Units (CPUs), and/or Graphical Processing Units (GPUs), general-purpose GPUs (GPGPUs), Field Programmable Gate Arrays (FPGAs), application specific integrated circuits (ASICs), Tensor Processing Units (TPUs)) and system memory, as discussed in greater detail below. Implementations also include physical and other computer-readable media for carrying or storing computer-executable instructions and/or data structures. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer system. Computer-readable media that store computer-executable instructions are computer storage media (devices). Computer-readable media that carry computer-executable instructions are transmission media. Thus, by way of example, and not limitation, implementations can comprise at least two distinctly different kinds of computer-readable media: computer storage media (devices) and transmission media.

Computer storage media (devices) includes RAM, ROM, EEPROM, CD-ROM, Solid State Drives (“SSDs”) (e.g., RAM-based or Flash-based), Shingled Magnetic Recording (“SMR”) devices, Flash memory, phase-change memory (“PCM”), other types of memory, other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store desired program code means in the form of computer-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer.

In one aspect, one or more processors are configured to execute instructions (e.g., computer-readable instructions, computer-executable instructions, etc.) to perform any of a plurality of described operations. The one or more processors can access information from system memory and/or store information in system memory. The one or more processors can (e.g., automatically) transform information between different formats, such as, for example, between any of: raw signals, normalized signals, signal features, single source probabilities, times, time dimensions, locations, location dimensions, geo cells, geo cell entries, designated market areas (DMAs), contexts, location annotations, context annotations, classification tags, context dimensions, events, truth values, truth scores, truth factors, geo fences, time decay functions, severity values, severity scores, severity ranks, signal groups, signal bursts, entity input, event notification preferences, event notifications, entity location data, entity locations, predicted impacts, impact notifications, etc.

System memory can be coupled to the one or more processors and can store instructions (e.g., computer-readable instructions, computer-executable instructions, etc.) executed by the one or more processors. The system memory can also be configured to store any of a plurality of other types of data generated and/or transformed by the described components, such as, for example, raw signals, normalized signals, signal features, single source probabilities, times, time dimensions, locations, location dimensions, geo cells, geo cell entries, designated market areas (DMAs), contexts, location annotations, context annotations, classification tags, context dimensions, events, truth values, truth scores, truth factors, geo fences, time decay functions, severity values, severity scores, severity ranks, signal groups, signal bursts, entity input, event notification preferences, event notifications, entity location data, entity locations, predicted impacts, impact notifications, etc.

A “network” is defined as one or more data links that enable the transport of electronic data between computer systems and/or modules and/or other electronic devices. When information is transferred or provided over a network or another communications connection (either hardwired, wireless, or a combination of hardwired or wireless) to a computer, the computer properly views the connection as a transmission medium. Transmission media can include a network and/or data links which can be used to carry desired program code means in the form of computer-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer. Combinations of the above should also be included within the scope of computer-readable media.

Further, upon reaching various computer system components, program code means in the form of computer-executable instructions or data structures can be transferred automatically from transmission media to computer storage media (devices) (or vice versa). For example, computer-executable instructions or data structures received over a network or data link can be buffered in RAM within a network interface module (e.g., a “NIC”), and then eventually transferred to computer system RAM and/or to less volatile computer storage media (devices) at a computer system. Thus, it should be understood that computer storage media (devices) can be included in computer system components that also (or even primarily) utilize transmission media.

Computer-executable instructions comprise, for example, instructions and data which, in response to execution at a processor, cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. The computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, or even source code. Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the described features or acts described above. Rather, the described features and acts are disclosed as example forms of implementing the claims.

Those skilled in the art will appreciate that the described aspects may be practiced in network computing environments with many types of computer system configurations, including, personal computers, desktop computers, laptop computers, message processors, hand-held devices, wearable devices, multicore processor systems, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, mobile telephones, PDAs, tablets, routers, switches, and the like. The described aspects may also be practiced in distributed system environments where local and remote computer systems, which are linked (either by hardwired data links, wireless data links, or by a combination of hardwired and wireless data links) through a network, both perform tasks. In a distributed system environment, program modules may be located in both local and remote memory storage devices.

Further, where appropriate, functions described herein can be performed in one or more of: hardware, software, firmware, digital components, or analog components. For example, one or more Field Programmable Gate Arrays (FPGAs) and/or one or more application specific integrated circuits (ASICs) and/or one or more Tensor Processing Units (TPUs) can be programmed to carry out one or more of the systems and procedures described herein. Hardware, software, firmware, digital components, or analog components can be specifically tailor-designed for a higher speed detection or artificial intelligence that can enable signal processing. In another example, computer code is configured for execution in one or more processors, and may include hardware logic/electrical circuitry controlled by the computer code. These example devices are provided herein for purposes of illustration, and are not intended to be limiting. Embodiments of the present disclosure may be implemented in further types of devices.

The described aspects can also be implemented in cloud computing environments. In this description and the following claims, “cloud computing” is defined as a model for enabling on-demand network access to a shared pool of configurable computing resources. For example, cloud computing can be employed in the marketplace to offer ubiquitous and convenient on-demand access to the shared pool of configurable computing resources (e.g., compute resources, networking resources, and storage resources). The shared pool of configurable computing resources can be provisioned via virtualization and released with low effort or service provider interaction, and then scaled accordingly.

A cloud computing model can be composed of various characteristics such as, for example, on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service, and so forth. A cloud computing model can also expose various service models, such as, for example, Software as a Service (“SaaS”), Platform as a Service (“PaaS”), and Infrastructure as a Service (“IaaS”). A cloud computing model can also be deployed using different deployment models such as private cloud, community cloud, public cloud, hybrid cloud, and so forth. In this description and in the following claims, a “cloud computing environment” is an environment in which cloud computing is employed.

In this description and the following claims, a “geo cell” is defined as a piece of “cell” in a spatial grid in any form. In one aspect, geo cells are arranged in a hierarchical structure. Cells of different geometries can be used.

A “geohash” is an example of a “geo cell”.

In this description and the following claims, “geohash” is defined as a geocoding system which encodes a geographic location into a short string of letters and digits. Geohash is a hierarchical spatial data structure which subdivides space into buckets of grid shape (e.g., a square). Geohashes offer properties like arbitrary precision and the possibility of gradually removing characters from the end of the code to reduce its size (and gradually lose precision). As a consequence of the gradual precision degradation, nearby places will often (but not always) present similar prefixes. The longer a shared prefix is, the closer the two places are. Geo cells can be used as a unique identifier and to approximate point data (e.g., in databases).

In one aspect, a “geohash” is used to refer to a string encoding of an area or point on the Earth. The area or point on the Earth may be represented (among other possible coordinate systems) as a latitude/longitude or Easting/Northing—the choice of which is dependent on the coordinate system chosen to represent an area or point on the Earth. A geo cell can refer to an encoding of this area or point, where the geo cell may be a binary string comprised of 0s and 1s corresponding to the area or point, or a string comprised of 0s, 1s, and a ternary character (such as X)—which is used to refer to a don't care character (0 or 1). A geo cell can also be represented as a string encoding of the area or point, for example, one possible encoding is base-32, where every 5 binary characters are encoded as an ASCII character.

Depending on latitude, the size of an area defined at a specified geo cell precision can vary. When geohash is used for spatial indexing, the areas defined at various geo cell precisions are approximately:

TABLE 1 Example Areas at Various Geohash Precisions

Geohash Length/Precision    width × height
1                           5,009.4 km × 4,992.6 km
2                           1,252.3 km × 624.1 km
3                           156.5 km × 156 km
4                           39.1 km × 19.5 km
5                           4.9 km × 4.9 km
6                           1.2 km × 609.4 m
7                           152.9 m × 152.4 m
8                           38.2 m × 19 m
9                           4.8 m × 4.8 m
10                          1.2 m × 59.5 cm
11                          14.9 cm × 14.9 cm
12                          3.7 cm × 1.9 cm

Other geo cell geometries, such as, hexagonal tiling, triangular tiling, etc. are also possible. For example, the H3 geospatial indexing system is a multi-precision hexagonal tiling of a sphere (such as the Earth) indexed with hierarchical linear indexes.

In another aspect, geo cells are a hierarchical decomposition of a sphere (such as the Earth) into representations of regions or points based on a Hilbert curve (e.g., the S2 hierarchy or other hierarchies). Regions/points of the sphere can be projected into a cube and each face of the cube includes a quad-tree where the sphere point is projected into. After that, transformations can be applied and the space discretized. The geo cells are then enumerated on a Hilbert Curve (a space-filling curve that converts multiple dimensions into one dimension and preserves the approximate locality).

Due to the hierarchical nature of geo cells, any signal, event, entity, etc., associated with a geo cell of a specified precision is by default associated with any less precise geo cells that contain the geo cell. For example, if a signal is associated with a geo cell of precision 9, the signal is by default also associated with corresponding geo cells of precisions 1, 2, 3, 4, 5, 6, 7, and 8. Similar mechanisms are applicable to other tiling and geo cell arrangements. For example, S2 has a cell level hierarchy ranging from level zero (85,011,012 km²) to level 30 (between 0.48 cm² to 0.96 cm²).
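
The geohash properties described above (base-32 encoding of 5 bits per character, prefix containment across precisions, the binary form with an X don't-care character, and cell size per precision) can be worked through in code. This is an added example, not code from the patent; it uses the standard public geohash alphabet and bit order (longitude bit first), and the function names are assumptions.

```python
BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # standard geohash alphabet
EQUATOR_KM = 40075.017                        # Earth's equatorial circumference


def encode(lat: float, lon: float, precision: int) -> str:
    """Encode a latitude/longitude into a geohash of `precision` characters."""
    lat_lo, lat_hi = -90.0, 90.0
    lon_lo, lon_hi = -180.0, 180.0
    bits = []
    use_lon = True  # bits alternate longitude, latitude, longitude, ...
    while len(bits) < precision * 5:
        if use_lon:
            mid = (lon_lo + lon_hi) / 2
            if lon >= mid:
                bits.append(1)
                lon_lo = mid
            else:
                bits.append(0)
                lon_hi = mid
        else:
            mid = (lat_lo + lat_hi) / 2
            if lat >= mid:
                bits.append(1)
                lat_lo = mid
            else:
                bits.append(0)
                lat_hi = mid
        use_lon = not use_lon
    chars = []
    for i in range(0, len(bits), 5):  # every 5 binary characters -> one symbol
        value = 0
        for bit in bits[i:i + 5]:
            value = (value << 1) | bit
        chars.append(BASE32[value])
    return "".join(chars)


def to_bits(cell: str) -> str:
    """Binary-string form of a geo cell."""
    return "".join(format(BASE32.index(c), "05b") for c in cell)


def containing_cells(cell: str) -> list:
    """Less precise cells that contain `cell`: its proper prefixes."""
    return [cell[:n] for n in range(1, len(cell))]


def matches(pattern: str, cell: str) -> bool:
    """Match a ternary pattern of 0, 1 and X (don't care) against a cell's bits."""
    bits = to_bits(cell)
    if len(pattern) > len(bits):
        return False
    return all(p == "X" or p == b for p, b in zip(pattern, bits))


def cell_size_degrees(precision: int) -> tuple:
    """(longitude span, latitude span) in degrees for a cell of this precision."""
    total = 5 * precision
    lon_bits = (total + 1) // 2  # longitude receives the extra bit when odd
    lat_bits = total // 2
    return 360 / 2 ** lon_bits, 180 / 2 ** lat_bits


def width_km_at_equator(precision: int) -> float:
    """Cell width in km measured along the equator."""
    return cell_size_degrees(precision)[0] / 360 * EQUATOR_KM


if __name__ == "__main__":
    cell = encode(42.6, -5.6, 5)  # constructed sample coordinate
    print(cell, to_bits(cell), containing_cells(cell))
    for p in (1, 5, 9):
        print(p, cell_size_degrees(p), round(width_km_at_equator(p), 4))
```

The equatorial widths computed for precisions 1 and 5 round to the 5,009.4 km and 4.9 km widths listed in Table 1.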

Signal Ingestion and Normalization

Signal ingestion modules ingest a variety of raw structured and/or raw unstructured signals on an ongoing basis and in essentially real-time. Raw signals can include social posts, live broadcasts, traffic camera feeds, other camera feeds (e.g., from other public cameras or from CCTV cameras), listening device feeds, 911 calls, weather data, planned events, IoT device data, crowd sourced traffic and road information, satellite data, air quality sensor data, smart city sensor data, public radio communication (e.g., among first responders and/or dispatchers, between air traffic controllers and pilots), subscription data services, etc. The content of raw signals can include images, video, audio, text, etc.

In general, signal normalization can prepare (or pre-process) raw signals into normalized signals to increase efficiency and effectiveness of subsequent computing activities, such as, event detection, event notification, etc., that utilize the normalized signals. For example, signal ingestion modules can normalize raw signals into normalized signals having Time, Location, and Context (TLC) dimensions. An event detection infrastructure can use the Time, Location, and Content dimensions to more efficiently and effectively detect events.

Per signal type and signal content, different normalization modules can be used to extract, derive, infer, etc. Time, Location, and Context dimensions from/for a raw signal. For example, one set of normalization modules can be configured to extract/derive/infer Time, Location and Context dimensions from/for social signals. Another set of normalization modules can be configured to extract/derive/infer Time, Location and Context dimensions from/for Web signals. A further set of normalization modules can be configured to extract/derive/infer Time, Location and Context dimensions from/for streaming signals.

Normalization modules for extracting/deriving/inferring Time, Location, and Context dimensions can include text processing modules, NLP modules, image processing modules, video processing modules, etc. The modules can be used to extract/derive/infer data representative of Time, Location, and Context dimensions for a signal. Time, Location, and Context dimensions for a signal can be extracted/derived/inferred from metadata and/or content of the signal.

For example, NLP modules can analyze metadata and content of a sound clip to identify a time, location, and keywords (e.g., fire, shooter, etc.). An acoustic listener can also interpret the meaning of sounds in a sound clip (e.g., a gunshot, vehicle collision, etc.) and convert to relevant context. Live acoustic listeners can determine the distance and direction of a sound. Similarly, image processing modules can analyze metadata and pixels in an image to identify a time, location and keywords (e.g., fire, shooter, etc.). Image processing modules can also interpret the meaning of parts of an image (e.g., a person holding a gun, flames, a store logo, etc.) and convert to relevant context. Other modules can perform similar operations for other types of content including text and video.

Per signal type, each set of normalization modules can differ but may include at least some similar modules or may share some common modules. For example, similar (or the same) image analysis modules can be used to extract named entities from social signal images and public camera feeds. Likewise, similar (or the same) NLP modules can be used to extract named entities from social signal text and web text.

In some aspects, an ingested signal includes sufficient expressly defined time, location, and context information upon ingestion. The expressly defined time, location, and context information is used to determine Time, Location, and Context dimensions for the ingested signal. In other aspects, an ingested signal lacks expressly defined location information or expressly defined location information is insufficient (e.g., lacks precision) upon ingestion. In these other aspects, Location dimension or additional Location dimension can be inferred from features of an ingested signal and/or through references to other data sources. In further aspects, an ingested signal lacks expressly defined context information or expressly defined context information is insufficient (e.g., lacks precision) upon ingestion. In these further aspects, Context dimension or additional Context dimension can be inferred from features of an ingested signal and/or through reference to other data sources.

In further aspects, time information may not be included, or included time information may not be given with high enough precision and Time dimension is inferred. For example, a user may post an image to a social network which had been taken some indeterminate time earlier.

Normalization modules can use named entity recognition and reference to a geo cell database to infer Location dimension. Named entities can be recognized in text, images, video, audio, or sensor data. The recognized named entities can be compared to named entities in geo cell entries. Matches indicate possible signal origination in a geographic area defined by a geo cell.

As such, a normalized signal can include a Time dimension, a Location dimension, a Context dimension (e.g., single source probabilities and probability details), a signal type, a signal source, and content.

A single source probability can be calculated by single source classifiers (e.g., machine learning models, artificial intelligence, neural networks, statistical models, etc.) that consider hundreds, thousands, or even more signal features (dimensions) of a signal. Single source classifiers can be based on binary models and/or multi-class models.

FIG. 1A depicts part of computer architecture 100 that facilitates ingesting and normalizing signals. As depicted, computer architecture 100 includes signal ingestion modules 101, social signals 171, Web signals 172, and streaming signals 173. Signal ingestion modules 101, social signals 171, Web signals 172, and streaming signals 173 can be connected to (or be part of) a network, such as, for example, a system bus, a Local Area Network (“LAN”), a Wide Area Network (“WAN”), and even the Internet. Accordingly, signal ingestion modules 101, social signals 171, Web signals 172, and streaming signals 173 as well as any other connected computer systems and their components can create and exchange message related data (e.g., Internet Protocol (“IP”) datagrams and other higher layer protocols that utilize IP datagrams, such as, Transmission Control Protocol (“TCP”), Hypertext Transfer Protocol (“HTTP”), Simple Mail Transfer Protocol (“SMTP”), Simple Object Access Protocol (SOAP), etc. or using other non-datagram protocols) over the network.

Signal ingestion module(s) 101 can ingest raw signals 121, including social signals 171, web signals 172, and streaming signals 173, on an ongoing basis and in essentially real-time. Raw signals 121 can include social posts, traffic camera feeds, other camera feeds, listening device feeds, 911 calls, weather data, planned events, IoT device data, crowd sourced traffic and road information, satellite data, air quality sensor data, smart city sensor data, public radio communication, subscription data service data, etc. As such, potentially thousands, millions or even billions of unique raw signals, each with unique characteristics, can be ingested and used to determine event characteristics, such as, event truthfulness, event severity, event category or categories, etc.

Signal ingestion module(s) 101 include social content ingestion modules 174, web content ingestion modules 176, stream content ingestion modules 176, and signal formatter 180. Signal formatter 180 further includes social signal processing module 181, web signal processing module 182, and stream signal processing modules 183.

For each type of signal, a corresponding ingestion module and signal processing module can interoperate to normalize the signal into Time, Location, Context (TLC) dimensions. For example, social content ingestion modules 174 and social signal processing module 181 can interoperate to normalize social signals 171 into TLC dimensions. Similarly, web content ingestion modules 176 and web signal processing module 182 can interoperate to normalize web signals 172 into TLC dimensions. Likewise, stream content ingestion modules 176 and stream signal processing modules 183 can interoperate to normalize streaming signals 173 into TLC dimensions.

In one aspect, signal content exceeding specified size requirements (e.g., audio or video) is cached upon ingestion. Signal ingestion modules 101 include a URL or other identifier to the cached content within the context for the signal.

In one aspect, signal formatter 180 includes modules for determining a single source probability as a ratio of signals turning into events based on the following signal properties: (1) event class (e.g., fire, accident, weather, etc.), (2) media type (e.g., text, image, audio, etc.), (3) source (e.g., twitter, traffic camera, first responder radio traffic, etc.), and (4) geo type (e.g., geo cell, region, or non-geo). Probabilities can be stored in a lookup table for different combinations of the signal properties. Features of a signal can be derived and used to query the lookup table. For example, the lookup table can be queried with terms (“accident”, “image”, “twitter”, “region”). The corresponding ratio (probability) can be returned from the table.

In another aspect, signal formatter 180 includes a plurality of single source classifiers (e.g., artificial intelligence, machine learning modules, neural networks, etc.). Each single source classifier can consider hundreds, thousands, or even more signal features (dimensions) of a signal. Signal features of a signal can be derived and submitted to a single source classifier. The single source classifier can return a probability that a signal indicates a type of event. Single source classifiers can be binary classifiers or multi-source classifiers.

Raw classifier output can be adjusted to more accurately represent a probability that a signal is a “true positive”. For example, 1,000 signals whose raw classifier output is 0.9 may include 80% as true positives. Thus, probability can be adjusted to 0.8 to reflect true probability of the signal being a true positive. “Calibration” can be done in such a way that for any “calibrated score” this score reflects the true probability of a true positive outcome.
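
The lookup-table ratio and the calibration adjustment described in the preceding paragraphs can be computed as shown next. This is an added example, not code from the patent; histogram binning is one common calibration method chosen here as an assumption, and the function names and the history and score data are constructed for illustration.

```python
from collections import defaultdict


def build_lookup(history):
    """Ratio of signals that turned into events, per combination of properties.

    history: iterable of (event_class, media_type, source, geo_type, became_event).
    """
    counts = defaultdict(lambda: [0, 0])  # key -> [events, signals]
    for event_class, media_type, source, geo_type, became_event in history:
        entry = counts[(event_class, media_type, source, geo_type)]
        entry[0] += 1 if became_event else 0
        entry[1] += 1
    return {key: events / signals for key, (events, signals) in counts.items()}


def _bin_index(score: float, n_bins: int) -> int:
    # A score of exactly 1.0 belongs to the last bin.
    return min(int(score * n_bins), n_bins - 1)


def fit_calibration(raw_scores, outcomes, n_bins: int = 10):
    """Observed true-positive rate for each raw-score bin (None if bin is empty)."""
    hits = [0] * n_bins
    totals = [0] * n_bins
    for score, is_true_positive in zip(raw_scores, outcomes):
        b = _bin_index(score, n_bins)
        totals[b] += 1
        hits[b] += 1 if is_true_positive else 0
    return [h / t if t else None for h, t in zip(hits, totals)]


def calibrate(raw_score: float, table) -> float:
    """Map a raw classifier output to the observed true-positive rate of its bin."""
    rate = table[_bin_index(raw_score, len(table))]
    return raw_score if rate is None else rate  # no evidence: leave score as is


def constructed_data():
    """Constructed sample data, not measurements from any real system."""
    key = ("accident", "image", "twitter", "region")
    history = [key + (i < 10,) for i in range(40)]  # 10 of 40 became events
    history += [("fire", "text", "twitter", "geo cell", i < 4) for i in range(5)]
    # 1,000 signals scored 0.9 of which 800 were true positives, as in the text,
    # plus 200 signals scored 0.35 of which 50 were true positives.
    scores = [0.9] * 1000 + [0.35] * 200
    outcomes = [i < 800 for i in range(1000)] + [i < 50 for i in range(200)]
    return history, scores, outcomes


if __name__ == "__main__":
    history, scores, outcomes = constructed_data()
    lookup = build_lookup(history)
    print(lookup[("accident", "image", "twitter", "region")])
    table = fit_calibration(scores, outcomes)
    print(calibrate(0.9, table), calibrate(0.31, table), calibrate(0.55, table))
```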

Signal ingestion modules 101 can insert one or more single source probabilities and corresponding probability details into a normalized signal to represent a Context (C) dimension. Probability details can indicate a probabilistic model and features used to calculate the probability. In one aspect, a probabilistic model and signal features are contained in a hash field.

Signal ingestion modules 101 can access “transdimensionality” transformations structured and defined in a “TLC” dimensional model. Signal ingestion modules 101 can apply the “transdimensionality” transformations to generic source data in raw signals to re-encode the source data into normalized data having lower dimensionality. Dimensionality reduction can include reducing dimensionality (e.g., hundreds, thousands, or even more signal features (dimensions)) of a raw signal into a normalized signal including a T vector, an L vector, and a C vector. At lower dimensionality, the complexity of measuring “distances” between dimensional vectors across different normalized signals is reduced.

Thus, in general, any received raw signals can be normalized into normalized signals including a Time (T) dimension, a Location (L) dimension, a Context (C) dimension, signal source, signal type, and content. Signal ingestion modules 101 can send normalized signals 122 to event detection infrastructure 103.

For example, signal ingestion modules 101 can send normalized signal 122A, including time 123A, location 124A, context 126A, content 127A, type 128A, and source 129A to event detection infrastructure 103. Similarly, signal ingestion modules 101 can send normalized signal 122B, including time 123B, location 124B, context 126B, content 127B, type 128B, and source 129B to event detection infrastructure 103.

Event Detection

Turning back to FIG. 1B, computer architecture 100 also includes components that facilitate detecting events. As depicted, computer architecture 100 includes geo cell database 111 and event notification 116. Geo cell database 111 and event notification 116 can be connected to (or be part of) a network with signal ingestion modules 101 and event detection infrastructure 103. As such, geo cell database 111 and event notification 116 can create and exchange message related data over the network.

As described, in general, on an ongoing basis, concurrently with signal ingestion (and also essentially in real-time), event detection infrastructure 103 detects different categories of (planned and unplanned) events (e.g., fire, police response, mass shooting, traffic accident, natural disaster, storm, active shooter, concerts, protests, etc.) in different locations (e.g., anywhere across a geographic area, such as, the United States, a State, a defined area, an impacted area, an area defined by a geo cell, an address, etc.), at different times from Time, Location, and Context dimensions included in normalized signals. Since normalized signals are normalized to include Time, Location, and Context dimensions, event detection infrastructure 103 can handle normalized signals in a more uniform manner increasing event detection efficiency and effectiveness.

Event detection infrastructure 103 can also determine an event truthfulness, event severity, and an associated geo cell. In one aspect, a Context dimension in a normalized signal increases the efficiency and effectiveness of determining truthfulness, severity, and an associated geo cell.

Generally, an event truthfulness indicates how likely a detected event is actually an event (vs. a hoax, fake, misinterpreted, etc.). Truthfulness can range from less likely to be true to more likely to be true. In one aspect, truthfulness is represented as a numerical value, such as, for example, from 1 (less truthful) to 10 (more truthful) or as percentage value in a percentage range, such as, for example, from 0% (less truthful) to 100% (more truthful). Other truthfulness representations are also possible. For example, truthfulness can be a dimension or represented by one or more vectors.

Generally, an event severity indicates how severe an event is (e.g., what degree of badness, what degree of damage, etc. is associated with the event). Severity can range from less severe (e.g., a single vehicle accident without injuries) to more severe (e.g., multi vehicle accident with multiple injuries and a possible fatality). As another example, a shooting event can also range from less severe (e.g., one victim without life threatening injuries) to more severe (e.g., multiple injuries and multiple fatalities). In one aspect, severity is represented as a numerical value, such as, for example, from 1 (less severe) to 5 (more severe). Other severity representations are also possible. For example, severity can be a dimension or represented by one or more vectors.

In general, event detection infrastructure 103 can include a geo determination module including modules for processing different kinds of content including location, time, context, text, images, audio, and video into search terms. The geo determination module can query a geo cell database with search terms formulated from normalized signal content. The geo cell database can return any geo cells having matching supplemental information. For example, if a search term includes a street name, a subset of one or more geo cells including the street name in supplemental information can be returned to the event detection infrastructure.

Event detection infrastructure 103 can use the subset of geo cells to determine a geo cell associated with an event location. Events associated with a geo cell can be stored back into an entry for the geo cell in the geo cell database. Thus, over time an historical progression of events within a geo cell can be accumulated.

As such, event detection infrastructure 103 can assign an event ID, an event time, an event location, an event category, an event description, an event truthfulness, and an event severity to each detected event. Detected events can be sent to relevant entities, including to mobile devices, to computer systems, to APIs, to data storage, etc.

Event detection infrastructure 103 detects events from information contained in normalized signals 122. Event detection infrastructure 103 can detect an event from a single normalized signal 122 or from multiple normalized signals 122. In one aspect, event detection infrastructure 103 detects an event based on information contained in one or more normalized signals 122. In another aspect, event detection infrastructure 103 detects a possible event based on information contained in one or more normalized signals 122. Event detection infrastructure 103 then validates the potential event as an event based on information contained in one or more other normalized signals 122.

As depicted, event detection infrastructure 103 includes geo determination module 104, categorization module 106, truthfulness determination module 107, and severity determination module 108.

Generally, geo determination module 104 can include NLP modules, image analysis modules, etc. for identifying location information from a normalized signal. Geo determination module 104 can formulate (e.g., location) search terms 141 by using NLP modules to process audio, using image analysis modules to process images, etc. Search terms can include street addresses, building names, landmark names, location names, school names, image fingerprints, etc. Event detection infrastructure 103 can use a URL or identifier to access cached content when appropriate.

Generally, categorization module 106 can categorize a detected event into one of a plurality of different categories (e.g., fire, police response, mass shooting, traffic accident, natural disaster, storm, active shooter, concerts, protests, etc.) based on the content of normalized signals used to detect and/or otherwise related to an event.

Generally, truthfulness determination module 107 can determine the truthfulness of a detected event based on one or more of: source, type, age, and content of normalized signals used to detect and/or otherwise related to the event. Some signal types may be inherently more reliable than other signal types. For example, video from a live traffic camera feed may be more reliable than text in a social media post. Some signal sources may be inherently more reliable than others. For example, a social media account of a government agency may be more reliable than a social media account of an individual. The reliability of a signal can decay over time.

Generally, severity determination module 108 can determine the severity of a detected event based on one or more of: location, content (e.g., dispatch codes, keywords, etc.), and volume of normalized signals used to detect and/or otherwise related to an event. Events at some locations may be inherently more severe than events at other locations. For example, an event at a hospital is potentially more severe than the same event at an abandoned warehouse. Event category can also be considered when determining severity. For example, an event categorized as a “Shooting” may be inherently more severe than an event categorized as “Police Presence” since a shooting implies that someone has been injured.

Geo cell database 111 includes a plurality of geo cell entries. Each geo cell entry is included in a geo cell defining an area and corresponding supplemental information about things included in the defined area. The corresponding supplemental information can include latitude/longitude, street names in the area defined by and/or beyond the geo cell, businesses in the area defined by the geo cell, other Areas of Interest (AOIs) (e.g., event venues, such as, arenas, stadiums, theaters, concert halls, etc.) in the area defined by the geo cell, image fingerprints derived from images captured in the area defined by the geo cell, and prior events that have occurred in the area defined by the geo cell. For example, geo cell entry 151 includes geo cell 152, lat/lon 153, streets 154, businesses 155, AOIs 156, and prior events 157. Each event in prior events 157 can include a location (e.g., a street address), a time (event occurrence time), an event category, an event truthfulness, an event severity, and an event description. Similarly, geo cell entry 161 includes geo cell 162, lat/lon 163, streets 164, businesses 165, AOIs 166, and prior events 167. Each event in prior events 167 can include a location (e.g., a street address), a time (event occurrence time), an event category, an event truthfulness, an event severity, and an event description.

Other geo cell entries can include the same or different (more or less) supplemental information, for example, depending on infrastructure density in an area. For example, a geo cell entry for an urban area can contain more diverse supplemental information than a geo cell entry for an agricultural area (e.g., in an empty field).

Geo cell database 111 can store geo cell entries in a hierarchical arrangement based on geo cell precision. As such, geo cell information of more precise geo cells is included in the geo cell information for any less precise geo cells that include the more precise geo cell.

Geo determination module 104 can query geo cell database 111 with search terms 141. Geo cell database 111 can identify any geo cells having supplemental information that matches search terms 141. For example, if search terms 141 include a street address and a business name, geo cell database 111 can identify geo cells having the street name and business name in the area defined by the geo cell. Geo cell database 111 can return any identified geo cells to geo determination module 104 in geo cell subset 142.

Geo determination module can use geo cell subset 142 to determine the location of event 135 and/or a geo cell associated with event 135. As depicted, event 135 includes event ID 132, time 133, location 137, description 136, category 137, truthfulness 138, and severity 139.

Event detection infrastructure 103 can also determine that event 135 occurred in an area defined by geo cell 162 (e.g., a geohash having precision of level 7 or level 9). For example, event detection infrastructure 103 can determine that location 134 is in the area defined by geo cell 162. As such, event detection infrastructure 103 can store event 135 in events 167 (i.e., historical events that have occurred in the area defined by geo cell 162).

Event detection infrastructure 103 can also send event 135 to event notification module 116. Event notification module 116 can notify one or more entities about event 135.

Privacy Infrastructure

Referring now to FIG. 1C, privacy infrastructure 102 spans signal ingestion modules 101, event detection infrastructure 103, and event notification 116. Privacy infrastructure 102 can implement any described user information data privacy operations (e.g., removal, scrubbing, stripping, obfuscation, access rule application, etc.) within and/or through interoperation with one or more of ingestion modules 101, event detection infrastructure 103, and event notification 116. As such, privacy infrastructure 102 may be configured to apply data privacy operations, including data scrubbing, before, during, or after signal ingestion, event detection, and/or event notification.

In some aspects, one or more of raw signals 121 (or portions thereof) can include user information. Privacy infrastructure 102 can implement/apply data privacy operations through interaction and/or interoperation with signal ingestion modules 101 on the user information (e.g., prior to, during, or after signal ingestion and/or signal normalization). For example, while normalizing one of raw signals 121, privacy infrastructure 102 may apply one or more data privacy operations to alter an aspect of the raw signal 121 (e.g., user information) relating to the Time dimension. One way this may be done is to round a time-stamp to the nearest second, minute, hour, etc. By reducing precision associated with a timestamp, privacy can be increased (e.g., by making it impossible to directly link a signal aspect to the original aspect). However, the reduced time-stamp precision may cause little, if any, corresponding reduction in identifying an event based on the raw signal 121. Depending on signal type, the level of precision may be more or less important to event detection and may also be more or less helpful in eliminating user information. Thus, heuristics may be applied to different signal types to determine relevancy of precision and/or relevancy of reducing user information footprint.

Privacy infrastructure 102 can also apply one or more data privacy operations to modify location information (e.g., user information) associated with a signal in a manner that irreversibly increases privacy with little, if any, reduction in event detection capabilities. For example, privacy infrastructure 102 can reduce or eliminate GPS precision. Depending on the signal type, location information may not benefit event detection. In such cases, signal specific rules may be implemented to reduce or eliminate the unnecessary information prior to event detection processing.

Privacy infrastructure 102 can also apply one or more data privacy operations to modify different types of contextual information (e.g., user information) associated with a signal. For example, vehicle telematics information may include metadata identifying a make/model of a vehicle. However, if such telematic information is used to detect events, such as, car accidents, the exact make/model of the automobile may not be necessary and can be eliminated from the signal during normalization. In another example, content from a social media post may be scrubbed to eliminate extraneous information. This may be accomplished through natural language processing and configured to eliminate content such as names, locations, or other sensitive information.

As described, privacy infrastructure 102 can perform data privacy actions during signal ingestion including applying a layer of obfuscation along with an indication of how and/or when any reversible linkage should be destroyed, scrubbed, or otherwise removed from the system. For example, a user ID field may be hashed using a customized salt during signal ingestion and marked with time-domain expiry information. The data then proceeds through the system, for example, to event detection, in its salted form. While within the time-domain, the customized salt may be available if it becomes necessary to ascertain the pre-obfuscated data. However, once the time-domain has expired, the custom salt may be destroyed. Destroying the custom salt essentially permanently and irreversibly obscures the data element (at least to the degree provided by the hash/encryption algorithm chosen for the obfuscation) from transformation back to its pre-salted form.
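The ingestion-time operations described above (timestamp rounding, GPS precision reduction, and salted user-ID hashing with time-domain expiry) can be sketched as follows. This is an added example, not code from the patent: `SaltVault`, `scrub_signal`, `relink`, the signal field names, and the choice of HMAC-SHA256 keyed with the salt are assumptions, and the sample signal is constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Salt:
    value: bytes
    expires_at: int  # epoch seconds: end of the salt's time-domain


class SaltVault:
    """Hypothetical store that keeps a salt only until its time-domain expires."""

    def __init__(self):
        self._salts = {}

    def issue(self, now, ttl):
        salt_id = secrets.token_hex(8)
        self._salts[salt_id] = Salt(secrets.token_bytes(32), now + ttl)
        return salt_id

    def purge(self, now):
        """Destroy every expired salt; returns how many were destroyed."""
        expired = [sid for sid, s in self._salts.items() if s.expires_at <= now]
        for sid in expired:
            del self._salts[sid]
        return len(expired)

    def get(self, salt_id, now):
        self.purge(now)  # an expired salt is never handed out
        salt = self._salts.get(salt_id)
        return salt.value if salt else None


def pseudonymize(user_id, salt):
    # Assumption: HMAC-SHA256 keyed with the salt stands in for "hashed using
    # a customized salt"; without the salt the token cannot be recomputed.
    return hmac.new(salt, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def round_timestamp(ts, granularity):
    """Round epoch seconds to the nearest multiple of granularity (60 = minute)."""
    return ((ts + granularity // 2) // granularity) * granularity


def coarsen_location(lat, lon, decimals):
    """Reduce GPS precision; 2 decimal places is roughly a 1 km cell."""
    return round(lat, decimals), round(lon, decimals)


def scrub_signal(raw, vault, salt_id, now, granularity=60, decimals=2):
    """Normalize a raw signal while dropping the raw user ID and exact time/place."""
    salt = vault.get(salt_id, now)
    if salt is None:
        raise KeyError("salt expired or unknown; issue a new one")
    lat, lon = coarsen_location(raw["lat"], raw["lon"], decimals)
    return {
        "time": round_timestamp(raw["timestamp"], granularity),
        "lat": lat,
        "lon": lon,
        "user_token": pseudonymize(raw["user_id"], salt),
        "salt_id": salt_id,  # the expiry marker travels with the signal
        "content": raw["content"],
    }


def relink(candidate_user_id, scrubbed, vault, now):
    """While the salt exists, test whether a candidate ID produced the token.

    Returns True or False inside the time-domain and None once the salt has
    been destroyed, at which point the linkage can no longer be checked.
    """
    salt = vault.get(scrubbed["salt_id"], now)
    if salt is None:
        return None
    token = pseudonymize(candidate_user_id, salt)
    return hmac.compare_digest(token, scrubbed["user_token"])


# Constructed sample signal (not real data).
RAW_SIGNAL = {
    "timestamp": 1_700_000_042,
    "lat": 40.758896,
    "lon": -73.985130,
    "user_id": "user-1234",
    "content": "smoke visible near the intersection",
}
```

Signals scrubbed with the same `salt_id` give the same user the same token, so they can still be correlated during event detection; after the salt is purged that correlation survives but the mapping back to a user ID does not.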

In some aspects, one or more of normalized signals 122 (or portions thereof) can include user information. Privacy infrastructure 102 can also implement/apply data privacy operations through interaction and/or interoperation with event detection infrastructure 103 on the user information (e.g., prior to, during, or after event detection). Applying obfuscation during event detection may include applying additional techniques that are appropriate when different portions of data (possibly from different sources) are to be aggregated. In one example, when one data signal is determined to be related to an event that includes data from other data signals, permissions for each respective data signal may be determined. Based upon those permissions, one or more data elements from within one or more of the event related signals may be hidden, scrubbed, or otherwise obfuscated.

For example, if an event is detected using a first signal from a first entity and a second signal from a second entity, permissions may be consulted to determine whether the first entity has permission to see all of the data fields provided within the signal of the second entity. When the first entity does not have permission for one or more fields, those fields may be dropped or obscured. In some scenarios, this may result in a failed event detection, or an event detection with a lower relative reliability. Reducing reliability may be appropriate, or even desired, to increase user privacy. In such scenarios, additional signals can be used to corroborate the event detection without reference to user information contained in the first or second signals.

Generally, event detection without reference to user information may make event detection less efficient and/or effective (e.g., more signals are required, more processing time is required, etc.). However, the trade-off between privacy and additional signal processing may be appropriate and is often desirable. Further, the ability to detect events using privacy-aware methods increases data security.

In some aspects, a detected event (or a portion thereof), such as, event 135, can include user information. Privacy infrastructure 102 can also implement/apply privacy operations through interaction and/or interoperation with event notification 116 on the user information (e.g., prior to, during, or after event notification). Once an event, such as event 135, has been detected, a notification may be generated in a way that maintains user privacy. In one aspect, user identifications may be removed from a notification altogether where the notification can be determined to not need such identifiers. This may be determined based on the identity of the recipient and notifications of the same event customized based on the recipient. For example, if an event is a fire, a police officer may receive a notification of the fire event along with a description of a suspected arsonist. A fire fighter, on the other hand, may only receive notification of the occurrence of the fire. In this way, the use of personal information is limited in scope according to relevance to the recipient.

In another example, privacy infrastructure 102 and/or event notification 116 may employ dynamic notifications that apply rules to user information that may change over time or according to context. For example, a user may access a dynamic notification during a designated time-window in which a suspect description is available. At a later time, the user may access the same dynamic notification but be unable to see the suspect descriptors. This change in access may be based on a time-domain (e.g., available for 24 hours) or a relevance domain (e.g., removed if an updated description is received, a suspect is arrested, etc.).

A dynamic notification may also be implemented such that user information is always initially obscured but may be available upon request and authentication by a user. This process may rely on user-based, role-based, or other dynamic or static heuristics. It is appreciated that any combination of these techniques may be implemented.
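The recipient-specific and dynamic notification behavior described above can be expressed as per-field access rules evaluated each time a notification is viewed. This is an added example, not code from the patent: `FieldRule`, `render_notification`, the role names, the state flag `suspect_arrested`, and the sample event are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

WITHHELD = "[withheld: available on authenticated request]"


@dataclass(frozen=True)
class FieldRule:
    roles: Optional[frozenset] = None    # None = every recipient role may see it
    visible_for: Optional[int] = None    # time-domain: seconds after event time
    revoked_by: frozenset = frozenset()  # relevance domain: states that withdraw it
    on_request: bool = False             # obscured until an authenticated request


def render_notification(event, rules, role, now, state=frozenset(),
                        authenticated=False):
    """Build the view of one event for one recipient at one point in time.

    The same stored event yields different notifications depending on the
    recipient's role, the elapsed time, and the current event state.
    """
    view = {}
    for name, value in event["fields"].items():
        rule = rules.get(name)
        if rule is None:
            continue  # default deny: a field with no rule is never sent
        if rule.roles is not None and role not in rule.roles:
            continue  # not relevant to this recipient
        if rule.visible_for is not None and now - event["time"] >= rule.visible_for:
            continue  # time-domain has expired
        if rule.revoked_by & state:
            continue  # relevance domain: superseded or no longer needed
        if rule.on_request and not authenticated:
            view[name] = WITHHELD  # initially obscured
            continue
        view[name] = value
    return view


# Constructed sample rules and event (not real data).
POLICE = frozenset({"police"})
RULES = {
    "category": FieldRule(),
    "location": FieldRule(),
    "suspect_description": FieldRule(
        roles=POLICE,
        visible_for=24 * 3600,
        revoked_by=frozenset({"suspect_arrested", "description_updated"}),
    ),
    "reporter_contact": FieldRule(roles=POLICE, on_request=True),
}
EVENT = {
    "time": 1_700_000_000,
    "fields": {
        "category": "fire",
        "location": "geo cell (constructed)",
        "suspect_description": "constructed suspect description",
        "reporter_contact": "constructed contact",
        "internal_user_id": "user-1234",  # has no rule, so it is never sent
    },
}
```

Because the view is computed at access time rather than when the notification is first sent, a field that has expired or been revoked disappears on the next access without re-issuing the notification.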

FIG. 2 illustrates a flow chart of an example method 200 for normalizing ingested signals. Method 200 will be described with respect to the components and data in computer architecture 100.

Method 200 includes ingesting a raw signal including a time stamp, an indication of a signal type, an indication of a signal source, and content (201). For example, signal ingestion modules 101 can ingest a raw signal 121 from one of: social signals 171, web signals 172, or streaming signals 173.

Method 200 includes forming a normalized signal from characteristics of the raw signal (202). For example, signal ingestion modules 101 can form a normalized signal 122A from the ingested raw signal 121.

Forming a normalized signal includes forwarding the raw signal to ingestion modules matched to the signal type and/or the signal source (203). For example, if ingested raw signal 121 is from social signals 171, raw signal 121 can be forwarded to social content ingestion modules 174 and social signal processing modules 181. If ingested raw signal 121 is from web signals 172, raw signal 121 can be forwarded to web content ingestion modules 175 and web signal processing modules 182. If ingested raw signal 121 is from streaming signals 173, raw signal 121 can be forwarded to streaming content ingestion modules 176 and streaming signal processing modules 183.

Forming a normalized signal includes determining a time dimension associated with the raw signal from the time stamp (204). For example, signal ingestion modules 101 can determine time 123A from a time stamp in ingested raw signal 121.

Forming a normalized signal includes determining a location dimension associated with the raw signal from one or more of: location information included in the raw signal or from location annotations inferred from signal characteristics (205). For example, signal ingestion modules 101 can determine location 124A from location information included in raw signal 121 or from location annotations derived from characteristics of raw signal 121 (e.g., signal source, signal type, signal content).

Forming a normalized signal includes determining a context dimension associated with the raw signal from one or more of: context information included in the raw signal or from context signal annotations inferred from signal characteristics (206). For example, signal ingestion modules 101 can determine context 126A from context information included in raw signal 121 or from context annotations derived from characteristics of raw signal 121 (e.g., signal source, signal type, signal content).

Forming a normalized signal includes inserting the time dimension, the location dimension, and the context dimension in the normalized signal (207). For example, signal ingestion modules 101 can insert time 123A, location 124A, and context 126A in normalized signal 122. Method 200 includes sending the normalized signal to an event detection infrastructure (208). For example, signal ingestion modules 101 can send normalized signal 122A to event detection infrastructure 103.

In some aspects, method 200 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules in signal ingestion modules 101), such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 201, 202, 203, 204, 205, 206, 207, or 208.

FIGS. 3A, 3B, and 3C depict other example components that can be included in signal ingestion modules 101. Signal ingestion modules 101 can include signal transformers for different types of signals including signal transformer 301A (for TLC signals), signal transformer 301B (for TL signals), and signal transformer 301C (for T signals). In one aspect, a single module combines the functionality of multiple different signal transformers.

Signal ingestion modules 101 can also include location services 302, classification tag service 306, signal aggregator 308, context inference module 312, and location inference module 316. Location services 302, classification tag service 306, signal aggregator 308, context inference module 312, and location inference module 316 or parts thereof can interoperate with and/or be integrated into any of ingestion modules 174, web content ingestion modules 176, stream content ingestion modules 176, social signal processing module 181, web signal processing module 182, and stream signal processing modules 183. Location services 302, classification tag service 306, signal aggregator 308, context inference module 312, and location inference module 316 can interoperate to implement “transdimensionality” transformations to reduce raw signal dimensionality into normalized TLC signals.

Signal ingestion modules 101 can also include storage for signals in different stages of normalization, including TLC signal storage 307, TL signal storage 311, T signal storage 313, TC signal storage 314, and aggregated TLC signal storage 309. In one aspect, data ingestion modules 101 implement a distributed messaging system. Each of signal storage 307, 309, 311, 313, and 314 can be implemented as a message container (e.g., a topic) associated with a type of message.

As depicted in FIGS. 3A, 3B, and 3C, privacy infrastructure 102 can span modules that facilitate signal ingestion. For example, in FIG. 3A, privacy infrastructure 102 spans signal transformer 301A, location services 302 (including geocell service 303 and market service 304), classification tag service 306, and signal aggregator 308. In FIG. 3B, privacy infrastructure 102 spans signal transformer 301B, location services 302 (including geocell service 303 and market service 304), classification tag service 306, signal aggregator 308, and context inference module 312. In FIG. 3C, privacy infrastructure 102 spans signal transformer 301C, location services 302 (including geocell service 303 and market service 304), classification tag service 306, signal aggregator 308, context inference module 312, and location inference module 316. Privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: signal transformer 301A, signal transformer 301B, signal transformer 301C, location services 302 (including geocell service 303 and market service 304), classification tag service 306, signal aggregator 308, context inference module 312, or location inference module 316.

FIG. 4 illustrates a flow chart of an example method 400 for normalizing an ingested signal including time information, location information, and context information. Method 400 will be described with respect to the components and data in FIG. 3A.

Method 400 includes accessing a raw signal including a time stamp, location information, context information, an indication of a signal type, an indication of a signal source, and content (401). For example, signal transformer 301A can access raw signal 221A. Raw signal 221A includes timestamp 231A, location information 232A (e.g., lat/lon, GPS coordinates, etc.), context information 233A (e.g., text expressly indicating a type of event), signal type 227A (e.g., social media, 911 communication, traffic camera feed, etc.), signal source 228A (e.g., Facebook, Twitter, Waze, etc.), and signal content 229A (e.g., one or more of: image, video, text, keyword, locale, etc.).

Method 400 includes determining a Time dimension for the raw signal (402). For example, signal transformer 301A can determine time 223A from timestamp 231A.

Method 400 includes determining a Location dimension for the raw signal (403). For example, signal transformer 301A sends location information 232A to location services 302. Geo cell service 303 can identify a geo cell corresponding to location information 232A. Market service 304 can identify a designated market area (DMA) corresponding to location information 232A. Location services 302 can include the identified geo cell and/or DMA in location 224A. Location services 302 returns location 224A to signal transformer 301.

Method 400 includes determining a Context dimension for the raw signal (404). For example, signal transformer 301A sends context information 233A to classification tag service 306. Classification tag service 306 identifies one or more classification tags 226A (e.g., fire, police presence, accident, natural disaster, etc.) from context information 233A. Classification tag service 306 returns classification tags 226A to signal transformer 301A.

Method 400 includes inserting the Time dimension, the Location dimension, and the Context dimension in a normalized signal (405). For example, signal transformer 301A can insert time 223A, location 224A, and tags 226A in normalized signal 222A (a TLC signal). Method 400 includes storing the normalized signal in signal storage (406). For example, signal transformer 301A can store normalized signal 222A in TLC signal storage 307. (Although not depicted, timestamp 231A, location information 232A, and context information 233A can also be included (or remain) in normalized signal 222A).

Method 400 includes storing the normalized signal in aggregated storage (406). For example, signal aggregator 308 can aggregate normalized signal 222A along with other normalized signals determined to relate to the same event. In one aspect, signal aggregator 308 forms a sequence of signals related to the same event. Signal aggregator 308 stores the signal sequence, including normalized signal 222A, in aggregated TLC storage 309 and eventually forwards the signal sequence to event detection infrastructure 103.

In some aspects, method 400 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules in signal ingestion modules 101), such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 401, 402, 403, 404, 405, or 406.

FIG. 5 illustrates a flow chart of an example method 500 for normalizing an ingested signal including time information and location information. Method 500 will be described with respect to the components and data in FIG. 3B.

Method 500 includes accessing a raw signal including a time stamp, location information, an indication of a signal type, an indication of a signal source, and content (501). For example, signal transformer 301B can access raw signal 221B. Raw signal 221B includes timestamp 231B, location information 232B (e.g., lat/lon, GPS coordinates, etc.), signal type 227B (e.g., social media, 911 communication, traffic camera feed, etc.), signal source 228B (e.g., Facebook, Twitter, Waze, etc.), and signal content 229B (e.g., one or more of: image, video, audio, text, keyword, locale, etc.).

Method 500 includes determining a Time dimension for the raw signal (502). For example, signal transformer 301B can determine time 223B from timestamp 231B.

Method 500 includes determining a Location dimension for the raw signal (503). For example, signal transformer 301B sends location information 232B to location services 302. Geo cell service 303 can identify a geo cell corresponding to location information 232B. Market service 304 can identify a designated market area (DMA) corresponding to location information 232B. Location services 302 can include the identified geo cell and/or DMA in location 224B. Location services 302 returns location 224B to signal transformer 301.

Method 500 includes inserting the Time dimension and Location dimension into a signal (504). For example, signal transformer 301B can insert time 223B and location 224B into TL signal 236B. (Although not depicted, timestamp 231B and location information 232B can also be included (or remain) in TL signal 236B). Method 500 includes storing the signal, along with the determined Time dimension and Location dimension, to a Time, Location message container (505). For example, signal transformer 301B can store TL signal 236B to TL signal storage 311. Method 500 includes accessing the signal from the Time, Location message container (506). For example, signal aggregator 308 can access TL signal 236B from TL signal storage 311.

Method 500 includes inferring context annotations based on characteristics of the signal (507). For example, context inference module 312 can access TL signal 236B from TL signal storage 311. Context inference module 312 can infer context annotations 241 from characteristics of TL signal 236B, including one or more of: time 223B, location 224B, type 227B, source 228B, and content 229B. In one aspect, context inference module 312 includes one or more of: NLP modules, audio analysis modules, image analysis modules, video analysis modules, etc. Context inference module 312 can process content 229B in view of time 223B, location 224B, type 227B, source 228B, to infer context annotations 241 (e.g., using machine learning, artificial intelligence, neural networks, machine classifiers, etc.). For example, if content 229B is an image that depicts flames and a fire engine, context inference module 312 can infer that content 229B is related to a fire. Context inference module 312 can return context annotations 241 to signal aggregator 308.

Method 500 includes appending the context annotations to the signal (508). For example, signal aggregator 308 can append context annotations 241 to TL signal 236B. Method 500 includes looking up classification tags corresponding to the classification annotations (509). For example, signal aggregator 308 can send context annotations 241 to classification tag service 306. Classification tag service 306 can identify one or more classification tags 226B (a Context dimension) (e.g., fire, police presence, accident, natural disaster, etc.) from context annotations 241. Classification tag service 306 returns classification tags 226B to signal aggregator 308.

Method 500 includes inserting the classification tags in a normalized signal (510). For example, signal aggregator 308 can insert tags 226B (a Context dimension) into normalized signal 222B (a TLC signal). Method 500 includes storing the normalized signal in aggregated storage (511). For example, signal aggregator 308 can aggregate normalized signal 222B along with other normalized signals determined to relate to the same event. In one aspect, signal aggregator 308 forms a sequence of signals related to the same event. Signal aggregator 308 stores the signal sequence, including normalized signal 222B, in aggregated TLC storage 309 and eventually forwards the signal sequence to event detection infrastructure 103. (Although not depicted, timestamp 231B, location information 232C, and context annotations 241 can also be included (or remain) in normalized signal 222B).

In some aspects, method 500 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules in signal ingestion modules 101), such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, or 511.

FIG. 6 illustrates a flow chart of an example method 600 for normalizing an ingested signal including time information and location information. Method 600 will be described with respect to the components and data in FIG. 3C.

Method 600 includes accessing a raw signal including a time stamp, an indication of a signal type, an indication of a signal source, and content (601). For example, signal transformer 301C can access raw signal 221C. Raw signal 221C includes timestamp 231C, signal type 227C (e.g., social media, 911 communication, traffic camera feed, etc.), signal source 228C (e.g., Facebook, Twitter, Waze, etc.), and signal content 229C (e.g., one or more of: image, video, text, keyword, locale, etc.).

Method 600 includes determining a Time dimension for the raw signal (602). For example, signal transformer 301C can determine time 223C from timestamp 231C. Method 600 includes inserting the Time dimension into a T signal (603). For example, signal transformer 301C can insert time 223C into T signal 234C. (Although not depicted, timestamp 231C can also be included (or remain) in T signal 234C).

Method 600 includes storing the T signal, along with the determined Time dimension, to a Time message container (604). For example, signal transformer 301C can store T signal 236C to T signal storage 313. Method 600 includes accessing the T signal from the Time message container (605). For example, signal aggregator 308 can access T signal 234C from T signal storage 313.

Method 600 includes inferring context annotations based on characteristics of the T signal (606). For example, context inference module 312 can access T signal 234C from T signal storage 313. Context inference module 312 can infer context annotations 242 from characteristics of T signal 234C, including one or more of: time 223C, type 227C, source 228C, and content 229C. As described, context inference module 312 can include one or more of: NLP modules, audio analysis modules, image analysis modules, video analysis modules, etc. Context inference module 312 can process content 229C in view of time 223C, type 227C, source 228C, to infer context annotations 242 (e.g., using machine learning, artificial intelligence, neural networks, machine classifiers, etc.). For example, if content 229C is a video depicting two vehicles colliding on a roadway, context inference module 312 can infer that content 229C is related to an accident. Context inference module 312 can return context annotations 242 to signal aggregator 308.

Method 600 includes appending the context annotations to the T signal (607). For example, signal aggregator 308 can append context annotations 242 to T signal 234C. Method 600 includes looking up classification tags corresponding to the classification annotations (608). For example, signal aggregator 308 can send context annotations 242 to classification tag service 306. Classification tag service 306 can identify one or more classification tags 226C (a Context dimension) (e.g., fire, police presence, accident, natural disaster, etc.) from context annotations 242. Classification tag service 306 returns classification tags 226C to signal aggregator 308.

Method 600 includes inserting the classification tags into a TC signal (609). For example, signal aggregator 308 can insert tags 226C into TC signal 237C. Method 600 includes storing the TC signal to a Time, Context message container (610). For example, signal aggregator 308 can store TC signal 237C in TC signal storage 314. (Although not depicted, timestamp 231C and context annotations 242 can also be included (or remain) in normalized signal 237C).

Method 600 includes inferring location annotations based on characteristics of the TC signal (611). For example, location inference module 316 can access TC signal 237C from TC signal storage 314. Location inference module 316 can include one or more of: NLP modules, audio analysis modules, image analysis modules, video analysis modules, etc. Location inference module 316 can process content 229C in view of time 223C, type 227C, source 228C, and classification tags 226C (and possibly context annotations 242) to infer location annotations 243 (e.g., using machine learning, artificial intelligence, neural networks, machine classifiers, etc.). For example, if content 229C is a video depicting two vehicles colliding on a roadway, the video can include a nearby street sign, business name, etc. Location inference module 316 can infer a location from the street sign, business name, etc. Location inference module 316 can return location annotations 243 to signal aggregator 308.

Method 600 includes appending the location annotations to the TC signal with location annotations (612). For example, signal aggregator 308 can append location annotations 243 to TC signal 237C. Method 600 includes determining a Location dimension for the TC signal (613). For example, signal aggregator 308 can send location annotations 243 to location services 302. Geo cell service 303 can identify a geo cell corresponding to location annotations 243. Market service 304 can identify a designated market area (DMA) corresponding to location annotations 243. Location services 302 can include the identified geo cell and/or DMA in location 224C. Location services 302 returns location 224C to signal aggregation services 308.

Method 600 includes inserting the Location dimension into a normalized signal (614). For example, signal aggregator 308 can insert location 224C into normalized signal 222C. Method 600 includes storing the normalized signal in aggregated storage (615). For example, signal aggregator 308 can aggregate normalized signal 222C along with other normalized signals determined to relate to the same event. In one aspect, signal aggregator 308 forms a sequence of signals related to the same event. Signal aggregator 308 stores the signal sequence, including normalized signal 222C, in aggregated TLC storage 309 and eventually forwards the signal sequence to event detection infrastructure 103. (Although not depicted, timestamp 231B, context annotations 241, and location annotations 24, can also be included (or remain) in normalized signal 222B).

In some aspects, method 600 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules included in signal ingestion modules 101), such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, or 615.

In another aspect, a Location dimension is determined prior to a Context dimension when a T signal is accessed. A Location dimension (e.g., geo cell and/or DMA) and/or location annotations are used when inferring context annotations.

Accordingly, location services 302 can identify a geo cell and/or DMA for a signal from location information in the signal and/or from inferred location annotations. Similarly, classification tag service 306 can identify classification tags for a signal from context information in the signal and/or from inferred context annotations.

Signal aggregator 308 can concurrently handle a plurality of signals in a plurality of different stages of normalization. For example, signal aggregator 308 can concurrently ingest and/or process a plurality of T signals, a plurality of TL signals, a plurality of TC signals, and a plurality of TLC signals. Accordingly, aspects of the invention facilitate acquisition of live, ongoing forms of data into an event detection system with signal aggregator 308 acting as an “air traffic controller” of live data. Signals from multiple sources of data can be aggregated and normalized for a common purpose (e.g., of event detection). Data ingestion, event detection, and event notification can process data through multiple stages of logic with concurrency.

As such, a unified interface can handle incoming signals and content of any kind. The interface can handle live extraction of signals across dimensions of time, location, and context. In some aspects, heuristic processes are used to determine one or more dimensions. Acquired signals can include text and images as well as live-feed binaries, including live media in audio, speech, fast still frames, video streams, etc.

Signal normalization enables the world's live signals to be collected at scale and analyzed for detection and validation of live events happening globally. A data ingestion and event detection pipeline aggregates signals and combines detections of various strengths into truthful events. Thus, normalization increases event detection efficiency facilitating event detection closer to “live time” or at “moment zero”.

It may be that geo cell service 303 and/or market service 304 are integrated with and/or interoperate with and/or include geo cell database 111. As such, geo cell database 111 can be used to determine Location dimension as well as to detect events.

Determining Event Truthfulness

When determining how (or if) to respond to notification of an event, an entity may consider the truthfulness of the detected event. The entity may desire some level of confidence in the veracity of a detected event before taking an action. For example, the entity may want assurances that a detected event isn't a hoax, fake, misinterpreted, etc. Accordingly, aspects of the invention include mechanisms for determining truthfulness of an event from multiple input signals used to detect the event.

Thus, as generally described, truthfulness determination module 107 can determine an event truthfulness. In one aspect, truth scores are calculated for received signals as the signals are received. Truthfulness determination module 107 calculates and recalculates an evolving truth factor (truthfulness) for an event from the truth scores. In one aspect, the truth factor (truthfulness) is sent along with a detected event to event notification 116. Event notification 116 can also send the truth factor (truthfulness) to an entity that is notified of the detected event. In one aspect, an entity registers to receive events at or above a specified truthfulness. The entity can then be notified of events having a truth factor at or above the specified truthfulness. On the other hand, events having a truth factor below the specified truthfulness can be filtered out and not sent to the entity.

Truth factor (truthfulness) can be represented as a score, a numeric value, a percentage, etc. In one aspect, truth factor (truthfulness) is represented by a percentage between 0%-100% indicating a probability that an associated event is actually occurring (or is actually true). Percentages closer to 100% can indicate an increased probability that an associated event is actually occurring. On the other hand, percentages closer to 0% can indicate a decreased probability that an associated event is actually occurring.

Similar indications can be associated with scores and numeric values. Higher scores or numeric values can indicate an increased likelihood that an associated event is actually occurring. Lower scores or numeric values can indicate a decreased likelihood that an associated event is actually occurring. However, in other aspects, lower scores or numeric values indicate increased likelihoods that an associated event is actually occurring and higher scores or numeric values indicate decreased likelihoods that an associated event is actually occurring. Scores and numeric values can be in a range, such as, for example, 1-5, etc.

When the score, numeric value, percentage, etc. representing truth factor (truthfulness) and associated with an event exceeds (or alternately is below) the specified threshold registered by an entity, the entity can be notified of the event.

In this description and the following claims, the term “confidence level” is synonymous with “truth factor” and/or “truthfulness”. Thus, confidence level is also applicable in implementations described as using “truth factor” and/or “truthfulness”.

Thus, when an entity is notified of an event, the entity is also provided an indication of the event's truthfulness. As such, the entity can consider the event's truthfulness when determining how (if at all) to respond to the event.

For each normalized signal, truthfulness determination module 107 can determine various truth related values based on characteristics of the normalized signal. For example, truthfulness determination module 107 can determine one or more of: a signal type truth value based on signal type, a signal source truth value based on the signal source, and a signal content truth value based on content type(s) contained in the normalized signal. Truthfulness determination module 107 can compute a truth score for a normalized signal by combining the signal type truth value, the signal source truth value, and the signal content truth value determined for the signal. Truthfulness determination module 107 can assign the truth score to the normalized signal.

In one aspect, event detection infrastructure 103 detects an event at least in part on truth characteristics of a signal. For example, truthfulness determination module 107 determines one or more of: a signal type truth value based on signal type of the first signal, a signal source truth value based on the signal source of the first signal, and a signal content truth value based on content type(s) contained in the first signal. Truthfulness determination module 107 computes a first truth score for the first signal by combining: the signal type truth value, the signal source truth value, and the signal content truth value determined for the first signal. Truthfulness determination module 107 assigns the first truth score to the first signal. Based on the first truth score (e.g., exceeding a threshold), event detection infrastructure 103 can trigger an event detection for the event. Truthfulness determination module 107 can also compute a truth factor for the detected event based on the first truth score.

Per normalized signal, event detection infrastructure 103 and/or truthfulness determination module 107 can also determine/maintain a signal origination time, a signal reception time, and a signal location. Event detection infrastructure 103 and/or truthfulness determination module 107 can track signal origination time, signal reception time, and signal location per normalized signal. Thus, when a first normalized signal triggers an event detection, event detection infrastructure 103 and/or truthfulness determination module 107 can determine and record a signal origination time, a signal reception time, and a signal location associated with the first normalized signal.

Subsequent to triggering initial event detection, event detection infrastructure 103 can determine that a second normalized signal is related to the initial event detection based on characteristics of the second normalized signal. Truthfulness module 107 computes one or more of: a signal type truth value based on signal type of the second signal, a signal source truth value based on the signal source of the second signal, and a signal content truth value based on content type(s) contained in the second signal.

In addition, event detection infrastructure 103 and/or truthfulness module 107 determines and records a signal origination time, a signal reception time, and a signal location associated with the second normalized signal. Event detection infrastructure 103 and/or truthfulness determination module 107 determines a distance measure between the signal location of the first normalized signal and the signal location of the second normalized signal. Event detection infrastructure 103 and/or truthfulness determination module 107 computes a time measure between the signal origination time of the first normalized signal and the signal origination time of the second normalized signal.

Truthfulness determination module 107 computes a second truth score for the second normalized signal by combining: the signal type truth value determined for the second normalized signal, the signal source truth value determined for the second normalized signal, the signal content truth value determined for the second normalized signal, the distance measure, and the time measure. Truthfulness determination module 107 assigns the second truth score to the second signal. Truthfulness determination module 107 can also recompute a truth factor for the detected event based on the first truth score and the second truth score.

If/when the event detection infrastructure determines that additional signals are related to the detected event, similar actions can be implemented on a per normalized signal basis to compute a signal truth score for the normalized signal and recompute an evolving truth factor for the detected event from aggregated truth scores.

The truth factor for a detected event can decay over time. Time decay can be configured per event category based on historical analysis of signal data. A decay function/curve can be maintained per event category. A time decay function/curve can be applied to a truth factor to indicate a reduction in truthfulness as time passes from initial event detection.

FIG. 7 illustrates a more detailed view of truthfulness determination module 107. Normalized signals received at event detection infrastructure 103 can be sent to truthfulness determination module 107 and event detector 709. From one or more normalized signals 122, event detector 709 can detect an event. In one aspect, geofence estimator 711 estimates a distance between signals and event detector 709 considers signals that are within a specified distance of each other (or contained in the same geofence). For example, geofence estimator 711 can estimate if signals are within the same geofence.

As depicted, truthfulness module 107 includes type valuer 702, source valuer 703, content valuer 704, distance measurer 705, and time measurer 706. Type valuer 702 can determine a type value for a signal based on signal type. Source valuer 703 can determine a source value for a normalized signal based on signal source. Content valuer 704 can determine a content value for a normalized signal based on content types contained in the signal. Distance measurer 705 can determine a signal location of a normalized signal and measure a distance between the signal location of the normalized signal and the signal location of a previously received normalized signal (when a location of a previously received normalized signal is available). Time measurer 706 can determine a signal origination time for a normalized signal and measure a time between the signal origination time of the normalized signal and the signal origination time of a previously received normalized signal (when an origination time of a previously received normalized signal is available).

A type value, a source value, and a content value and, when appropriate, a distance measure and a time measure for a normalized signal can be sent to score combiner 712. Score combiner 712 can combine received values and measures into a signal truthfulness score. Score combiner 712 can send the signal truthfulness score to truth factor calculator 713. Truth factor calculator 713 can calculate a truth factor for an event from one or more signal truth scores. Time decay component 214 can discount a truth factor for an event over time based on a time decay function corresponding to a category of the event.

Thus, a truth factor for an event can evolve over time and as additional normalized signals are received.

As depicted in FIG. 7, privacy infrastructure 102 can span signal ingestion modules 101 and event infrastructure 103, including modules included in event infrastructure 103. For example, privacy infrastructure 102 is expressly depicted spanning truthfulness determination module 107 and event detector 709 (including geofence estimator 711). Privacy infrastructure 102 can also span other modules included in truthfulness determination module 107 including type valuer 702, source valuer 703, content valuer 704, distance measurer 705, time measurer 706, score combiner 712, and truth factor calculator 713 (including time decay component 714). However, for clarity, privacy infrastructure 102's span across type valuer 702, source valuer 703, content valuer 704, distance measurer 705, time measurer 706, score combiner 712, truth factor calculator 713, and time decay component 714 is not expressly depicted. As such, privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: truthfulness determination module 107, event detector 709, geofence estimator 711, type valuer 702, source valuer 703, content valuer 704, distance measurer 705, time measurer 706, score combiner 712, truth factor calculator 713, or time decay component 714.

FIG. 8 illustrates a flow chart of an example method 800 for determining event truthfulness. Method 800 will be described with respect to the components and data depicted in FIG. 7.

Method 800 includes receiving a normalized signal including signal characteristics including a signal type, a signal source, and signal content (801). For example, event detection infrastructure 103 can receive normalized signal 122A at time t₁. Normalized signal 122A includes type 128A, source 129A, and content 127A. Normalized signal 122A can be forwarded to truthfulness determination module 107 and event detector 709.

Method 800 includes calculating a signal type truth value, a signal source truth value, and a signal content truth value based on the signal type, the signal source, and the signal content respectively (802). For example, type valuer 702 can calculate signal type truth value 731A from type 128A, source valuer 703 can calculate signal source truth value 732A from source 129A, and content valuer 704 can calculate signal content truth value 733A from content 127A. Type valuer 702 can send signal type truth value 731A to score combiner 712. Source valuer 703 can send signal source truth value 732A to score combiner 712. Content valuer 704 can send signal content truth value 733A to score combiner 712.

Method 800 includes detecting an event in an event category based on the characteristics of the normalized signal (803). For example, event detector 709 can detect event 724 in category 726 based on the characteristics of normalized signal 122A (a trigger signal) (including any of time 123A, location 124A, context 126A, content 127A, type 128A, sources 129A, etc.). Event detector 709 can send event 724 and category 726 to truth factor calculator 713.

Distance measurer 705 can store location 124A as last signal location 707. Time measurer 706 can store time 123A as last signal time 708.

Method 800 includes calculating a signal truth score based on the signal type truth value, the signal source truth value, and the signal content truth value (804). For example, score combiner 712 can calculate signal truth score 721A based on signal type truth value 731A, source truth value 732A, and signal content truth value 733A. Score combiner 712 can send signal truth score 721A to truth factor calculator 713.

Method 800 includes calculating an event truth factor from the signal truth score (805). For example, truth factor calculator 713 can calculate event truth factor 727A for event 724 from signal truth score 721A. Method 800 includes sending the event and the calculated event truth factor to an event notification module (806). For example, event detection infrastructure 103 can send event 724 and truth factor 727A to event notification 116 at time t₃. Time t₃ can be after time t₁. Truth factor 727A can indicate a truthfulness of event 724.

Method 800 includes receiving a second normalized signal including second signal characteristics including a second signal type, a second signal source, and second signal content (807). For example, event detection infrastructure 103 can receive normalized signal 122B at time t₂. Normalized signal 122B includes type 128B, source 129B, and content 127B. Normalized signal 122B can be forwarded to truthfulness determination module 107 and event detector 709.

Method 800 includes determining that the second normalized signal is associated with the event (808). For example, geofence estimator 711 can estimate that location 124B is within a threshold distance of location 124A. Based on location 124B being estimated to be within a threshold distance of location 124A, event detector 209 can detect signal 122B as confirming/validating, etc. event 224.

Method 800 includes calculating a second signal type truth value, a second signal source truth value, and a second signal content truth value based on the second signal type, the second signal source, and the second signal content respectively (809). For example, type valuer 702 can calculate signal type truth value 731B from type 128B, source valuer 703 can calculate signal source truth value 732B from source 129B, and content valuer 704 can calculate signal content truth value 733B from content 127B. Type valuer 702 can send signal type truth value 731B to score combiner 712. Source valuer 703 can send signal source truth value 732B to score combiner 712. Content valuer 704 can send signal content truth value 733B to score combiner 712.

Method 800 includes calculating a second signal truth score based on the second signal type truth value, the second signal source truth value, and the second signal content truth value (810). For example, score combiner 712 can calculate signal truth score 721B based on signal type truth value 731B, source truth value 732B, and signal content truth value 733B. Score combiner 712 can send signal truth score 721B to truth factor calculator 713.

Method 800 includes re-calculating the event truth factor from the signal truth score and the second signal truth score (811). For example, truth factor calculator 713 can re-calculate truth factor 727A as truth factor 727B from signal truth score 721A and signal truth score 721B. In one aspect, truth factor calculator 713 calculates truth factor 227B for event 224 from a combination of truth score 721A, truth score 721B, and a time decay discount value. The time decay discount value can be calculated in accordance with a time decay function 216 corresponding to category 726.

Method 800 includes sending the event and the re-calculated (updated) event truth factor to an event notification module (812). For example, event detection infrastructure 103 can send event 724 and truth factor 727B to event notification 116 at time t₄. Time t₄ can be after time t₂. Truth factor 727B can indicate a truthfulness of event 724. Truth factor 721B can indicate increased or decreased truthfulness of event 724 relative to truth factor 721A.

It may also be that distance measurer 205 measures a distance between location 124A and 124B and sends the distance measure to score combiner 712. Distance measurer 705 can also store the location of signal 122B as last signal location 207. Time measurer 706 can also measure a time difference between time 123A and 123B and send the measured time difference to score combiner 712. Score combiner 712 can combine type value 732A, source value 732B, content value 733B, the measured distance, and the measured time difference into truth score 721B.

In some aspects, method 800 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules included in event detection infrastructure 103), such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 801, 802, 803, 804, 805, 806, 807, 808, 809, 810, 811, or 812.

In some aspects, signals are grouped into social (Facebook, Instagram, Twitter, etc.) and non-social (EMS radio communication, CAD, Traffic Cameras, etc.). Individual signals can be valued based on truth factor evaluation (e.g., Computer Aided Dispatch (CAD) and Emergency Management System (EMS) radio communication signals rank higher than Twitter/FB source signals). Geofences can be generated based on available signals. The geofences can then be used to monitor correlating signals and thus can be used to adjust (improve) truth factor on a continuous basis. Time decay curves can be incorporated to generate value scores for each correlating new signal.

In one aspect, a signal truth score is computed from the equation:

Signal Truth Score = (Sig. Source Value * Sig. Type Value * Sig. Content Value * Distance Measure * Time Measure)

An event truth factor for an event can be calculated from the equation:

Truth Factor = ((Signal 1 Score + Signal 2 Score + . . . + Signal N Score) / N) * Time Decay

For each category of events, a time decay function can be used to decay a truth factor over time.

Some examples of signal Type and/or Source Rank (value) include:

TABLE 2 Signal Type and/or Source Rank

| Signal Source | Signal Source Rank |
|---|---|
| Traffic Cameras | 10 |
| CAD | 9 |
| Twitter - State/Federal Agency Owned Accounts | 8 |
| Facebook - State/Federal Agency Owned Accounts | 7 |
| Twitter - Individual Owned Accounts | 6 |
| Facebook - Individual Owned Accounts | 5 |
| Instagram | 4 |
| Other | 3 |

Some examples of Signal Distance Rank (value) include:

TABLE 3 Signal Distance Rank

| Distance measure between the previous signal and the next new signal (in meters) | Signal Distance Rank |
|---|---|
| 50 | 10 |
| 100 | 9 |
| 200 | 8 |
| 500 | 7 |
| 800 | 6 |
| 1000+ | 5 |

Some examples of Signal Time Rank (value) include:

TABLE 4 Signal Time Rank

| Time measure between the previous signal and the next new signal (in seconds) | Signal Time Rank |
|---|---|
| 30 | 10 |
| 60 | 9 |
| 180 | 8 |
| 300 | 7 |
| 600 | 6 |
| 900+ | 5 |
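The two equations and Tables 2-4 can be exercised together, as in the following added example (not code from the patent or its applicant), which scrubs the user identifier before scoring and then applies an entity's truthfulness threshold. Its assumptions: every rank is divided by 10 so the truth factor reads as a 0-1 probability, each table value is treated as an inclusive upper bound, type and content ranks are constructed inputs, time decay is an exponential half-life, and all names (`Signal`, `scrub`, `EventTruth`, `should_notify`) are hypothetical.

```python
import math
from dataclasses import dataclass, replace
from typing import Optional

# Table 2 from the page: signal source rank (keys are this example's labels).
SOURCE_RANK = {
    "traffic_camera": 10, "cad": 9,
    "twitter_agency": 8, "facebook_agency": 7,
    "twitter_individual": 6, "facebook_individual": 5,
    "instagram": 4,
}
OTHER_SOURCE_RANK = 3

# Tables 3 and 4 from the page as (upper bound, rank) rows. Reading each listed
# value as an inclusive upper bound is an assumption of this example.
DISTANCE_BANDS_M = [(50, 10), (100, 9), (200, 8), (500, 7), (800, 6)]
TIME_BANDS_S = [(30, 10), (60, 9), (180, 8), (300, 7), (600, 6)]
FLOOR_RANK = 5  # the "1000+" meter and "900+" second rows


def banded_rank(value: float, bands) -> int:
    """Return the rank of the first band whose upper bound covers value."""
    for upper, rank in bands:
        if value <= upper:
            return rank
    return FLOOR_RANK


@dataclass(frozen=True)
class Signal:
    source: str
    type_rank: int       # 1-10, constructed: the page tabulates no type values
    content_rank: int    # 1-10, constructed: the page tabulates no content values
    origin_time_s: float
    x_m: float           # planar position in meters (constructed)
    y_m: float
    user_handle: Optional[str] = None


def scrub(signal: Signal) -> Signal:
    """Privacy operation applied before scoring: drop the user identifier."""
    return replace(signal, user_handle=None)


def signal_truth_score(signal: Signal, previous: Optional[Signal] = None) -> float:
    """Source * type * content [* distance * time], each rank scaled to 0..1."""
    score = (SOURCE_RANK.get(signal.source, OTHER_SOURCE_RANK) / 10
             * signal.type_rank / 10
             * signal.content_rank / 10)
    if previous is not None:
        # Distance and time measures exist only relative to an earlier signal.
        distance = math.hypot(signal.x_m - previous.x_m, signal.y_m - previous.y_m)
        gap = abs(signal.origin_time_s - previous.origin_time_s)
        score *= banded_rank(distance, DISTANCE_BANDS_M) / 10
        score *= banded_rank(gap, TIME_BANDS_S) / 10
    return score


class EventTruth:
    """Evolving truth factor: mean of signal truth scores times time decay."""

    def __init__(self, half_life_s: float):
        self.half_life_s = half_life_s   # per event category (assumed decay form)
        self.scores = []
        self.last: Optional[Signal] = None
        self.detected_at: Optional[float] = None

    def add(self, signal: Signal) -> float:
        signal = scrub(signal)           # scoring never sees the identifier
        score = signal_truth_score(signal, self.last)
        if self.detected_at is None:
            self.detected_at = signal.origin_time_s
        self.scores.append(score)
        self.last = signal
        return score

    def truth_factor(self, now_s: float) -> float:
        if not self.scores:
            raise ValueError("no signals have been scored for this event")
        mean = sum(self.scores) / len(self.scores)
        elapsed = max(0.0, now_s - self.detected_at)
        return mean * 0.5 ** (elapsed / self.half_life_s)


def should_notify(truth_factor: float, entity_threshold: float) -> bool:
    """An entity is notified of events at or above its registered truthfulness."""
    return truth_factor >= entity_threshold


def demo() -> EventTruth:
    # Constructed signals: a CAD dispatch, then an individual's post 120 m away.
    event = EventTruth(half_life_s=1800.0)
    event.add(Signal("cad", 9, 8, 0.0, 0.0, 0.0))
    event.add(Signal("twitter_individual", 6, 7, 45.0, 120.0, 0.0,
                     user_handle="@constructed_user"))
    return event
```

Because the factor is an average of products, a lower-ranked corroborating signal pulls the event's truth factor down rather than up, which is one way the recalculated factor can indicate decreased truthfulness.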

Truthfulness determination module 107 can operate concurrently with other modules included in event detection infrastructure 103 and with privacy infrastructure 102.

Determining Event Severity

Severity scores of individual normalized signals can be considered during event detection. In one aspect, the severity of an event is determined from characteristics of multiple normalized signals. Event severity can be determined concurrently with event detection and determination of other signal/event characteristics, including event truthfulness.

An event severity indicates how severe an event is (e.g., what degree of badness, what degree of damage, etc. is associated with the event). Severity can range from less severe (e.g., a single vehicle accident without injuries) to more severe (e.g., multi vehicle accident with multiple injuries and a possible fatality). As another example, a shooting event can also range from less severe (e.g., one victim without life threatening injuries) to more severe (e.g., multiple injuries and multiple fatalities). In one aspect, severity is represented as a numerical value, such as, for example, from 1 (less severe) to 5 (more severe). Other severity representations, such as, for example, “low”, “medium”, and “high”, are also possible. Additional severity representations, including percentages, are also possible.

Signal volume (e.g., signal bursts) can be considered when deriving severity for an event. Signal groupings can also be considered when deriving severity for an event. Severity of historical events and corresponding combinations of normalized signals used to detect the historical events can be considered when deriving severity for a new event.

In one aspect, event detection infrastructure 103 determines that characteristics of a first normalized signal provide a basis for detection of an event. For the first normalized signal, severity determination module 108 determines one or more of: a signal location severity value based on signal location of the first normalized signal, a signal time severity value based on a signal time of the first normalized signal, a signal response severity value based on dispatch codes in the first normalized signal, a signal category severity value based on a signal category of the first normalized signal, and a signal impact severity value based on a signal impact (e.g., on people/property) of the first normalized signal. Severity determination module 108 can compute a first signal severity score for the first normalized signal by combining: the signal location severity value, the signal time severity value, the signal response severity value, the signal category severity value, and the signal impact severity value.

Severity determination module 108 can also calculate an event severity rank from the first signal severity score.

Per normalized signal, event detection infrastructure 103 can also determine/maintain a signal origination time, a signal reception time, and a signal location. Event detection infrastructure 103 can track signal origination time, signal reception time, and signal location per normalized signal. Thus, when a first normalized signal triggers an event detection, event detection infrastructure 103 can determine and record a signal origination time, a signal reception time, and a signal location associated with the first normalized signal.

Subsequent to triggering event detection, event detection infrastructure 103 can determine that a second normalized signal is related to the initial event detection based on characteristics of the second normalized signal. For the second normalized signal, severity determination module 108 determines one or more of: a second signal location severity value based on signal location of the second normalized signal, a second signal time severity value based on a signal time of the second normalized signal, a second signal response severity value based on dispatch codes in the second normalized signal, a signal category severity value based on a signal category of the second normalized signal, and a signal impact severity value based on a signal impact (e.g., on people/property) of the second normalized signal.

In addition, event detection infrastructure 103 determines and records a signal origination time, a signal reception time, and a signal location associated with the second normalized signal. Event detection infrastructure 103 determines a distance measure between the signal location of the first normalized signal and the signal location of the second normalized signal. Event detection infrastructure 103 also determines a time measure between the signal origination time of the first normalized signal and the signal origination time of the second normalized signal. The distance measure and time measure can be used to group normalized signals within a specified distance or time of one another.

Severity determination module 108 can compute a second signal severity score for the second normalized signal by combining: the second signal location severity value, the second signal time severity value, the second signal response severity value, the second signal category severity value, and the second signal impact severity value.

Severity determination module 108 recalculates the event severity rank for the event from the first signal severity score and the second signal severity score.

If/when event detection infrastructure 103 determines that additional normalized signals are related to the event, similar actions can be implemented on a per normalized signal basis to calculate a signal severity score for the normalized signal and recalculate an evolving event severity rank for the event from aggregated signal severity scores.

Severity determination module 108 can also consider event related signal volume, for example, a count of available CAD signals, burst detection of social signals, etc., when calculating an event severity rank for an event. For example, a burst of normalized signals related to an event may indicate a more severe event. Severity determination module 108 can also consider signal groupings when calculating an event severity rank for an event. A tighter grouping of normalized signals may indicate a more localized and thus less severe event. On the other hand, a wider grouping of normalized signals may indicate a less localized and thus more severe event.

Severity determination module 108 can also consider historical events and corresponding combinations of normalized signals used to detect the historical events when calculating a severity rank for a new event. For example, if a similar event was received in the past and assigned a particular severity rank, it may be appropriate to assign a similar severity rank to a new event.

FIG. 9 illustrates a more detailed view of severity determination module 107. Normalized signals 122 received at event detection infrastructure 103 can be sent to severity determination module 108 and event detector 909 (e.g., event detector 709). From one or more normalized signals 122, event detector 209 can detect an event. From one or more normalized signals 122 and detected events, severity determination module 108 can detect the severity of an event.

As depicted, severity determination module 108 includes modules 901, score combiner 913 and severity rank calculator 913. Modules 901 further include location valuer 902, time valuer 903, response valuer 904, categorization valuer 905, impact valuer 906, distance measurer 907, and time measurer 908. Location valuer 902 can determine a location severity value for a signal or event based on normalized signal location. Time valuer 903 can determine a time severity value for a signal or event based on normalized signal time. Response valuer 904 can determine a response severity value for a signal or event based on a response to a normalized signal. Categorization valuer 905 can determine a category severity value for a signal or event based on a category of a normalized signal. Impact valuer 906 can determine an impact severity value for a signal or event based on an impact associated with a normalized signal. Distance measurer 907 can determine a physical distance between different normalized signals. Time measurer 908 can determine a time distance between different normalized signals. Distance measurer 907 and time measurer 908 can interoperate to detect signal bursts and group signals.

When available, any of a location severity value, a time severity value, a response severity value, a category severity value, an impact severity value can be sent to score combiner 912. Score combiner 912 can combine received values into a signal severity score or an event severity score. Score combiner 912 can send an event severity score to severity rank calculator 913. Distance measurer 907/time measurer 908 can also indicate signal bursts and signal groups to severity rank calculator 913. Severity rank calculator 913 can calculate a severity rank for an event from one or more event severity scores, indications of signal bursts and/or signal groupings, and possibly also through reference to severity ranks of historical events and signals.

As such, a severity event rank can evolve over time and as additional signals are received.

As depicted in FIG. 9, privacy infrastructure 102 can span signal ingestion modules 101 and event infrastructure 103, including modules included in event infrastructure 103. For example, privacy infrastructure 102 is expressly depicted spanning severity determination module 108 and event detector 909. Privacy infrastructure 102 can also span other modules included in severity determination module 108 including modules 901, location valuer 902, time valuer 903, response valuer 904, categorization valuer 905, impact valuer 906, distance measurer 907, time measurer 908, score combiner 912, and severity rank calculator 913. However, for clarity, privacy infrastructure 102's span across modules 901, location valuer 902, time valuer 903, response valuer 904, categorization valuer 905, impact valuer 906, distance measurer 907, time measurer 908, score combiner 912, and severity rank calculator 913 is not expressly depicted. As such, privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: severity determination module 108, event detector 909, modules 901, location valuer 902, time valuer 903, response valuer 904, categorization valuer 905, impact valuer 906, distance measurer 907, time measurer 908, score combiner 912, or severity rank calculator 913.

FIG. 10 illustrates a flow chart of an example method 1000 for determining event truthfulness. Method 1000 will be described with respect to the components and data depicted in FIG. 9.

Method 1000 includes receiving a normalized signal including signal characteristics including a signal type, a signal source, and signal content detecting an event from the content of the first signal (1001). For example, event detection infrastructure 103 can receive normalized signal 122A at time t₁. Normalized signal 122A includes type 128A, source 129A, and content 127A. Normalized signal 122A can be forwarded to severity determination module 108 and event detector 909 (which may be event detector 709).

Method 1000 includes detecting an event from the content of the normalized signal (1002). For example, event detector 709 can detect event 924 (e.g., event 724) in category 926 (e.g., category 726) based on the characteristics of normalized signal 122A (a trigger signal) (including any of time 123A, location 124A, context 126A, content 127A, type 128A, sources 129A, etc.). Event detector 909 can send event 924 and category 926 to severity rank calculator 913 and to any of modules 901.

Method 1000 includes calculating a location severity value, a time severity value, a response severity value, a category severity value, and an impact severity value based on a location, time, response, category, and impact respectively associated with the normalized signal (1003). For example, location valuer 902, time valuer 903, response valuer 904, categorization valuer 905, and impact valuer 906 can each calculate a corresponding severity value for signal 122A, collectively represented as severity values 922A. Distance measurer 907 can determine and store the location of signal 122A. Time measurer 908 can determine and store an origination time of signal 122A.

Method 1000 includes calculating a severity score for the normalized signal based on the location severity value, the time severity value, the response severity value, the category severity value, and the impact severity value (1004). For example, score combiner 912 can combine severity values 922A into severity score 921A. Score combiner 912 can send severity score 921A to severity rank calculator 913.

Method 1000 includes calculating an event severity rank for the event from the severity score (1005). For example, severity rank calculator 913 can calculate severity 927A for event 924 from severity score 921A. Method 1000 includes sending the event and the event severity rank to an event notification module (1006). For example, event detection infrastructure 103 can send event 924 along with severity rank 927A to event notification at time t₅.

Method 1000 includes receiving a second normalized signal including second signal characteristics including a second signal type, a second signal source, and second signal content (1007). For example, event detection infrastructure 103 can receive normalized signal 122B at time t₂. Normalized signal 122B includes type 128B, source 129B, and content 127B. Normalized signal 122B can be forwarded to severity determination module 108 and event detector 909 (which may be event detector 709).

Method 1000 includes determining that the second normalized signal is associated with the event (1008). For example, event detector 909 can determine that normalized signal 122B is associated with event 924.

Method 1000 includes calculating a second location severity value, a second time severity value, a second response severity value, a second category severity value, and a second impact severity value based on a location, time, response, category, and impact respectively associated with the second normalized signal (1009). For example, location valuer 902, time valuer 903, response valuer 904, categorization valuer 905, and impact valuer 906 can each calculate a corresponding severity value for signal 122B, collectively represented as severity values 922B. Distance measurer 907 can determine and store the location of signal 122B. Time measurer 908 can determine and store an origination time of signal 122B. Based on locations and origination times, distance measurer 907/time measurer 908 can determine that normalized signals 922A and 922B are in a signal group 927 (and possibly part of a signal burst).

Method 1000 includes calculating a second severity score for the second normalized signal based on the second location severity value, the second time severity value, the second response severity value, the second category severity value, and the second impact severity value (1010). For example, score combiner 912 can combine severity values 922B into severity score 921B. Score combiner 912 can send severity score 921B to severity rank calculator 913. Distance measurer 907/time measurer 908 can also send signal groups 927 to severity rank calculator 913.

Method 1000 includes calculating an updated event severity rank for the event from the first severity score and the second severity score (1011). For example, severity rank calculator 913 can calculate severity 927B for event 924 from severity score 921A, severity score 921B, and signal groups 927 (and/or one or more signal bursts). Method 1000 includes sending the event and the updated event severity rank to the event notification module (1012). For example, event detection infrastructure 103 can send event 924 along with severity rank 927B to event notification at time t₆.

In one aspect, event 924 is sent to severity determination module 108.

Location valuer 902, time valuer 903, response valuer 904, categorization valuer 905, and impact valuer 906 can calculate severity values 926 from characteristics of event 224. Distance measurer 907 can determine and store the location of event 924. Score combiner 912 can combine severity values 926 into severity score 928. Score combiner 912 can send severity score 928 to severity rank calculator 913. Severity rank calculator 913 can calculate an additional severity rank for event 224 from severity score 921A, severity score 921B, severity score 928, and signal groups 927. Event detection infrastructure 103 can send event 224 with the additional severity rank to event notification 116.

In some aspects, method 1000 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules included in event detection infrastructure 103), such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008, 1009, 1010, 1011, or 1012.

In some aspects, signals are grouped into social (Facebook, Instagram, Twitter, etc.) and non-social (EMS radio communication, CAD, Traffic Cameras, etc.). Individual signals can be valued based on severity rank evaluation (e.g., CAD (computer aided dispatch) and Traffic Camera signals rank higher than Twitter/FB source signals). Geofences can be generated based on available signals. The geofences can then be used to monitor correlating signals and thus can be used to improve severity rank on a continuous basis.

In one aspect, criteria used for a severity assessment include signal/event location, signal/event time, event response (dispatch code, nature of 911 call, etc.), event categorization, event related signal volume, such as, count of signals, detection of bursts of social signals/events, etc., and event impact (e.g., people/property impacted).

A weighted average module (e.g., integrated into and/or spanning score combiner 912 and/or severity rank calculator 913) can be used to determine event severities.

Location Rank (L1): location groups (cities, schools, hospitals, places of interest etc.)

Time Rank (T1): time of occurrence which can directly influence the severity

Response Rank (R1): Priority Dispatch Codes, and whether it's fire, police, or medical, or all of them+SWAT can correspond to higher ranks

Category Rank (C1): Fire, Accident, Explosion, etc. can have a higher severity rank than certain other event categories

Signal Rank (S1): Rank signal groups based on historical observations

Impact Rank (I1): Rank keywords (Killed, Hurt, Hospitalized, SWAT, Shots Fired, Officer Shot, Biohazard, Terrorism, etc.)—places keywords (subway stations, airports, Whitehouse, etc. have higher ranks)

Wherein, Event Severity Rank=(L1*W1)+(T1*W2)+(C1*W3)+(S1*W4)+(I1*W5) and W1, W2, Wn, etc. represent corresponding weights. Weights can be derived dynamically using machine learning models built on an historical events database (i.e., derived based on historical event dissections). Event Severity can be normalized to derive a Severity Rank (e.g., score between 1 and 5, range of “low”, “medium”, or “high”, etc.)
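The following sketch is an added illustration, not code from the patent: it applies the weighted formula exactly as written above (which has no R1 term) to two signals and shows the event severity rank evolving as the second signal arrives. The weight values, the 0-to-1 rank scale, averaging of per-signal scores, and the 1-to-5 bucketing are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# W1..W5 for L1, T1, C1, S1, I1. Assumed values for illustration only; the
# text says weights are derived by models built on historical events.
WEIGHTS = {"L1": 0.25, "T1": 0.10, "C1": 0.25, "S1": 0.15, "I1": 0.25}


def signal_severity_score(ranks, weights=WEIGHTS):
    """(L1*W1)+(T1*W2)+(C1*W3)+(S1*W4)+(I1*W5) for one normalized signal.

    `ranks` maps each rank name to a value in 0..1 (assumed scale).
    """
    missing = set(weights) - set(ranks)
    if missing:
        raise ValueError(f"missing ranks: {sorted(missing)}")
    for name in weights:
        if not 0.0 <= ranks[name] <= 1.0:
            raise ValueError(f"{name} must be within 0..1")
    return sum(ranks[name] * w for name, w in weights.items())


def normalize_rank(score, weights=WEIGHTS):
    """Normalize a weighted score to a Severity Rank between 1 and 5."""
    top = sum(weights.values())          # score when every rank is 1.0
    return 1 + min(4, int(5 * score / top))


@dataclass
class EventSeverity:
    """Keeps per-signal scores so the rank can be recalculated per signal."""
    scores: list = field(default_factory=list)

    def add_signal(self, ranks):
        self.scores.append(signal_severity_score(ranks))
        # Assumption: the event score is the mean of its signal scores.
        return normalize_rank(sum(self.scores) / len(self.scores))


# Constructed sample inputs: a social-media signal, then a CAD signal.
SIGNAL_122A = {"L1": 0.4, "T1": 0.5, "C1": 0.6, "S1": 0.3, "I1": 0.2}
SIGNAL_122B = {"L1": 0.8, "T1": 0.5, "C1": 0.9, "S1": 0.9, "I1": 0.9}

if __name__ == "__main__":
    event = EventSeverity()
    print("rank after first signal: ", event.add_signal(SIGNAL_122A))
    print("rank after second signal:", event.add_signal(SIGNAL_122B))
```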

Severity determination module 108 can operate concurrently with any of: truthfulness determination module 107, other modules included in event detection infrastructure 103, and privacy infrastructure 102.

Event Identification And Notification Based On Entity Preferences

Aspects of the invention identify relevant events and notify entities of relevant events based on entity selected event notification preferences. Entities indicate event notification preferences to an event notification service. An event detection infrastructure detects events based on received signals. The notification service monitors detected events. For each detected event, the notification service compares characteristics of the detected event to event notification preferences for one or more entities. Based on the comparisons, the event notification service determines if an event satisfies event notification preferences for any entities. The event notification service notifies entities having satisfied event notification preferences about the event. Components that facilitate identifying relevant events and notifying entities of relevant events can be integrated with data ingestion modules and an event detection infrastructure.

Detected events can be of interest to entities, such as, for example, parents, guardians, teachers, social workers, first responders, hospitals, delivery services, media outlets, government entities, government agencies, etc. based on event characteristics, such as, for example, a combination of one or more of: event location, event category, event truthfulness, and event severity. For example, a teacher may be interested in shooting and police presence events at and within a specified distance of a school where they work regardless of truthfulness, severity, or when the event occurred. On the other hand, a parent may be interested in shooting events at the school having at least a specified truthfulness and regardless of severity and time but not interested in shootings in the surrounding area and not interested in other police presence events at the school.

To be notified of events they deem relevant, entities can indicate event notification preferences at a user interface. The user interface can include controls for indicating location preferences, distance range preferences, event category preferences, event truthfulness preferences, event severity preferences, and event time preferences. An entity can select various preferences through the user interface to define events of interest to the entity. A preference can be indicated as a less than, a less than or equal to, a greater than, a greater than or equal to, or equals, as well as combinations thereof.

For example, an entity may be interested in accidents (event category preference), within 5 miles of their house (location preference and distance range preference), having at least an 80% probability to be true (truthfulness preference), having a specified severity (severity preference), and that occurred in the last 30 minutes. Severity may be considered as a gradient. For example, for accidents: one vehicle, no injuries (severity 1), one vehicle and minor injuries (severity 2), multiple vehicles or a serious injury (severity 3), life threatening injuries (severity 4), fatalities (severity 5). If the entity is interested in information impacting their commute, they may prefer notification about any accidents and can indicate notification for accidents of severity 1 or greater. On the other hand, a firehouse may be interested in accidents of severity 3 or greater, for example, where medical and/or occupant extraction services may be needed.

An entity may be interested in different categories of events in and/or around multiple different locations that have at least a specified truthfulness and/or that have at least a specified severity and/or may desire event notification within a specified time of event detection. As such, an entity can enter multiple different sets of preferences.

Entity event notification preferences can be stored in a preferences database. Each set of preferences for an entity can be stored along with an entity ID for the entity.

When the event identification module receives a detected event, the event identification module can compare characteristics of the event to different sets of entity event notification preferences. When the characteristics of an event satisfy a set of entity preferences associated with an entity, the event and an entity ID of the entity are sent to an event notification module. If characteristics of an event satisfy multiple sets of entity preferences, the event and entity IDs for each associated entity are sent to the event notification module.

The event notification module refers to notification preferences to determine how to notify an entity. An entity can be notified via email, via text message, through other messaging infrastructures, by storing an event in durable storage, etc. An event can be formatted for compatibility with entity systems. For example, an event can be stored in a data format requested by an entity. In one aspect, an event is detected in a format used by one entity. The event can be translated into a format used by another entity. As such, the meaning of the event can be translated from the one entity to the other entity. A time preference can indicate a desire to be notified of an event within a specified time of event detection. In one aspect, the specified time ranges from live-time (essentially a preference to be notified concurrently with event detection) to 60 minutes.

FIGS. 11A-1 and 11A-2 illustrate a computer architecture that facilitates identifying relevant events and notifying entities of relevant events. In one aspect, event detection infrastructure 103 generates event feed 1101. Event feed 1101 includes detected events, including event 1101A, event 1101B, etc. Each event can include an event ID, a time, a location, a description, a category (or categories) (i.e., context), a truthfulness, and a severity. For example, event 1101A includes ID 1102A, time 1103A, location 1104A, description 1105A, category (or categories) 1106A, truth 1107A, and severity 1108A. Similarly, event 1101B includes ID 1102B, time 1103B, location 1104B, description 1105B, category (or categories) 1106B, truth 1107B, and severity 1108B.

Event detection infrastructure 103 can send event feed 1101 to event notification 116.

As depicted in FIG. 11A-2, user interface 1111 includes location control 1112, distance control 1113, time control 1114, severity control 1116, truth control 1117, and category control 1118. Location control 1112 can be used to select locations of interest to an entity. Distance control 1113 can be used to select a distance from (e.g., a radius or other shape around) a selected location or define an area that is of interest to the entity. Location control 1112 and distance control 1113 can be utilized in tandem to indicate any of: a distance from a fixed location, a geo fenced area, or specific types of locations contained in a geo fenced area.

Category control 1118 can be used to select event categories (i.e., context) of interest to an entity. Time control 1114 can be used to indicate a time frame (e.g., 1, 5, 10, 15, or 30 minutes) in which an entity wishes to be notified of events after event detection. The time frame can be defined as an event age after which there is no longer interest in being notified of events that otherwise satisfy entity notification preferences. In one aspect, time control 1114 is used to indicate an interest in being notified of events in “live time” or essentially at “moment zero”. In another aspect, time control 1114 is used to indicate an interest in being notified of events within 60 minutes of detection. Severity control 1116 can be used to indicate event severities of interest to the user. Truth control 1117 can be used to indicate event truthfulness of interest to the user.

Other time settings can be configured to indicate when the user desires to be notified. For example, a user may be interested in events that are detected in “live time” or essentially at “moment zero” but wants to be notified on the hour, once a day, etc.

User interface 1111 can also include controls for identifying entities to be notified when event notification preferences are satisfied. For example, an entity selecting event notification preferences can select a preference to notify themselves and/or others of relevant events. User interface 1111 can also include controls enabling an entity to select notification mechanisms, such as, text message, email, data file, etc. per entity that is to be notified.

The depicted controls as well as other indicated controls of user interface 1111 can be graphical user interface controls including any of: check boxes, radio buttons, dials, sliders, text entry fields, etc.

Entity 1121 can enter entity input 1149 at user interface 1111 to formulate preferences 1126. Entity 1121 can select, adjust, manipulate, etc. one or more of location control 1112, distance control 1113, time control 1114, severity control 1116, truth control 117, and category control 1118 to formulate preferences 1126. Entity 1121 can also select one or more notification mechanisms at user interface 1111. When entity 1121 completes preference selection, user interface 1111 can store preferences 1126 as preference set 1127 in event preferences database 1109.

As depicted, preference set 1127 includes entity ID 1141 (of entity 1121), location preferences 1142 (e.g., indicating a location of interest or an area of interest), distance preferences 1143, category preferences 1144, severity preferences 1146, truth preferences 1147, and time preferences 1148. For example, preference set 1127 can indicate that entity 1121 is interested in police presence events (category) within one mile of a high school (location and distance) within 5 minutes of detection (time preference), that have at least a specified severity, that have a 50% or greater probability of being true.

Time preferences 1148 can indicate interest in events less than or equal to a maximum age (and that otherwise meet entity notification requirements). In one aspect, time preferences 1148 indicate that entity 1121 desires to be notified of relevant events detected in “live time” or essentially at “moment zero” (and that otherwise satisfied entity notification preferences). In another aspect, time preferences 1148 indicate that entity 1121 desires to also be notified of relevant events detected within some amount of time after moment zero, for example, in a range between 1 and 60 minutes (and that otherwise satisfied entity notification preferences).

For example, an entity may register to be notified of events that are less than 30 minutes old and have a truthfulness (e.g., confidence level) threshold of at least 75%. At “moment zero” an event may be detected and have an associated truthfulness (confidence level) of 40%. The entity is not notified of the event because the truthfulness does not satisfy the truthfulness threshold. 35 minutes later another signal is received raising the associated truthfulness (confidence level) to 80%. However, the entity is still not notified of the event because the entity is not interested in events that are older than 30 minutes.

In one aspect, an application is installed on a mobile phone used by entity 1121. User interface 1111 is included in the application. In another aspect, user interface 1111 is a web-based interface accessed by entity 1121 using a browser.

Entity 1121 can utilize user interface 1111 to formulate other preference sets. Other users can also utilize user interface 1111 or other similar user interfaces to formulate additional preference sets (e.g., at their mobile phones).

From time to time, or on an ongoing basis, event identification module 118 can access entity preference sets 1128, including preference set 1127, from event preferences database 1109. As event identification module 118 receives events, identification module 118 filters event feed 1101 to identify events that entities have defined as relevant in preference sets. Event identification module 118 compares characteristics of received events to entity preference sets 1128 to determine if events satisfy any event preference sets.

As depicted in FIGS. 11A-1 and 11A-2, privacy infrastructure 102 spans event infrastructure 103, event notification 116, including event identification module 118, and user interface 1111. As such, privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: infrastructure 103, event notification 116, event identification module 118, or user interface 1111.

FIG. 12A illustrates a flow chart of an example method 1200 for identifying relevant events and notifying entities of relevant events. Method 1200 will be described with respect to the components and data depicted in FIG. 11A.

Method 1200 includes receiving an event feed containing a plurality of events, each event detected from one or more normalized signals, each event including an event location, an event category, an event truthfulness, an event severity, and an event time (1201). For example, event notification 116 can receive event feed 1101, including events 1101A, 1101B, etc.

Method 1200 includes accessing entity notification preferences defining events relevant to an entity, the entity notification preferences including category preferences, location preferences, distance preferences, truth preferences, severity preferences, and time preferences, the location preferences and distance preferences collectively defining that the entity is interested in events within a specified distance of one or more locations, the time preferences defining that the entity desires event notification at least within a specified time period of event detection (1202). For example, from time to time, or on an ongoing basis, event identification module 118 can access entity preference sets 1128, including preference set 1127, from event preferences database 1109.

Method 1200 includes, for an event in the event feed, comparing characteristics of the event to the entity notification preferences (1203). For example, as event notification 116 receives event feed 1011, identification module 118 filters event feed 1101 to identify events that entities have defined as relevant in preference sets. Event identification module 118 compares characteristics of received events to entity preference sets 1128 to determine if events satisfy any event preference sets. For example, event identification module 118 can compare the characteristics of event 1101A to preference set 1127.

More specifically, method 1200 includes comparing the event location to the location preferences in view of the distance preferences (1204), comparing the event category to the category preferences (1205), comparing the event truthfulness to the truth preferences (1206), and comparing the event severity to the severity preferences (1207). For example, event identification module 118 can compare location 1104A to location preferences 1142 in view of distance preferences 1143, can compare category (or categories) 1106A to category preferences 1144, can compare truthfulness 1107A to truth preferences 1147, and can compare severity 1108A to severity preferences 1148.

Method 1200 includes determining that the event satisfies the entity notification preferences based on the comparisons (1208). For example, event identification module 118 can determine that event 1101A satisfies preference set 1127. Method 1200 includes notifying an electronic device of the event in compliance with the time preferences (1209). For example, event notification 116 can send notification 1171 (of event 1101A) to an electronic device (e.g., a mobile phone) associated with entity 1121 in compliance with time preferences 1148. Event notification 116 can also store notification 1171 at storage 1192. In one aspect, notification 1171 is sent essentially at “moment zero” or in “live-time”. In another aspect, notification 1171 is sent after a configured delay, for example, between zero and 60 minutes.

In some aspects, method 1200 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules included in one or more of: event detection infrastructure 103, event notification 116, or user interface 1111), such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 1201, 1202, 1203, 1204, 1205, 1206, 1207, 1208, or 1209.
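The sketch below is an added example, not code from the patent: it applies a scrubbing operation to an event before the comparisons of 1204 through 1207 and the time preference check, so the notification is built only from scrubbed fields. The field names, the two redaction patterns treated as user information, the great-circle distance test, and all sample data are assumptions constructed for illustration; the sample values replay the 30 minute / 75% scenario described earlier.

```python
import math
import re
from dataclasses import dataclass, replace

# Assumed patterns for "user information"; the text does not enumerate any.
_USER_INFO = [
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),         # e-mail address
    re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),  # US-style phone number
]


@dataclass(frozen=True)
class Event:
    event_id: str
    detected_min: float    # detection time, minutes on an arbitrary clock
    location: tuple        # (latitude, longitude) in degrees
    description: str
    categories: frozenset
    truth: float           # 0.0 .. 1.0
    severity: int          # 1 .. 5


@dataclass(frozen=True)
class PreferenceSet:
    entity_id: str
    location: tuple
    max_distance_miles: float
    categories: frozenset
    min_truth: float
    min_severity: int
    max_age_min: float


def scrub(event):
    """Data privacy operation: redact user information in the description."""
    text = event.description
    for pattern in _USER_INFO:
        text = pattern.sub("[REDACTED]", text)
    return replace(event, description=text)


def miles_between(a, b):
    """Great-circle (haversine) distance in miles between two (lat, lon)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 3958.8 * math.asin(math.sqrt(h))


def unmet_preferences(event, pref, now_min):
    """Return the names of preferences the event fails (empty list = match)."""
    unmet = []
    if miles_between(event.location, pref.location) > pref.max_distance_miles:
        unmet.append("location/distance")              # 1204
    if not (event.categories & pref.categories):
        unmet.append("category")                       # 1205
    if event.truth < pref.min_truth:
        unmet.append("truth")                          # 1206
    if event.severity < pref.min_severity:
        unmet.append("severity")                       # 1207
    if now_min - event.detected_min > pref.max_age_min:
        unmet.append("time")                           # event too old
    return unmet


def notify(event, pref, now_min):
    """Scrub first, then match; the notification carries scrubbed data only."""
    clean = scrub(event)
    if unmet_preferences(clean, pref, now_min):
        return None
    return {"entity_id": pref.entity_id, "event_id": clean.event_id,
            "location": clean.location, "description": clean.description,
            "categories": sorted(clean.categories)}


# Constructed sample data (not from the patent).
SCHOOL = (40.7600, -111.8900)
PREF = PreferenceSet("entity-A", SCHOOL, 1.0, frozenset({"police presence"}),
                     min_truth=0.75, min_severity=1, max_age_min=30)
EVENT_T0 = Event("evt-1", 0, (40.7650, -111.8900),
                 "Caller at 801-555-0142 (jdoe@example.com) reports police presence",
                 frozenset({"police presence"}), truth=0.40, severity=2)
FRESH = replace(EVENT_T0, event_id="evt-2", detected_min=100, truth=0.80)
```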

In one aspect, notification 1171 includes at least some content from event 1101A, such as, for example, time 1103A, location 1104A, description 1105A, and category (or categories) 106A. Entity 1121 may use storage 1192 to store relevant events over a period of time and subsequently use the stored events in other data processing operations.

If event identification module 118 determines that event 1101A satisfies other additional preference sets, notifications can be sent to entities corresponding to those preference sets. Event notification module 116 can notify other entities in accordance with their notification preferences.

Event identification module 118, through interoperation with event detection infrastructure 103, event preferences database 1109, and event notification 116, essentially functions as a controller of live data. Accordingly, aspects of the invention allow entities to tailor event notifications to their specific needs and desires and receive event notifications for events they deem relevant (without being bombarded with irrelevant events) in a timely manner.

In other scenarios, an entity and/or their associates, related entities, such as, security personnel, etc. may be interested in events at or around the entity's current location and/or events at or around locations the entity may visit in the near future. The entity and/or their associates, related entities, etc. may be interested in events on an ongoing basis, including updates as the entity moves between different locations. For example, a person travelling may be interested in events ahead of them on the highway that might slow down their travel. Government officials/corporate executives and/or their security personnel may be interested in events posing a threat of physical injury to the government officials/corporate executive at a location or in transit between locations. First responders may be interested in medical, fire, or law enforcement related events near their location to more quickly provide relevant services. An air traveler may be interested in events at their destination.

Aspects of the invention identify relevant events and notify entities (or their associates, related entities, etc.) of relevant events based on current location or predicted future location of an entity, for example, to provide situational awareness about the entity's current or future surroundings. Current entity location as well as probable future entity locations can be considered when determining event relevancy. Current location and probable future location can be derived from entity location information. Entity location information can be expressly defined and/or inferred from other information about the entity.

In one aspect, a current location of an entity is determined from expressly defined and/or inferred entity location information. The entity (or their associates, related entities, etc.) is sent event notifications to notify the entity (or their associates, related entities, etc.) of relevant events at or near the entity's current location. The entity's current location can be determined, and event notifications sent to the entity (or their associates, related entities, etc.) on an ongoing basis to update the entity (or their associates, related entities, etc.) as the entity moves between locations.

In another aspect, expressly defined and/or inferred entity location information is used to predict, derive, etc., the entity's possible/probable future location(s). The entity (or their associates, related entities, etc.) is sent event notifications to notify the entity (or their associates, related entities, etc.) about relevant events at or near the entity's possible/probable future location(s). Changes to an entity's possible/probable future location(s) can be predicted, derived, etc., on an ongoing basis as expressly defined location information and/or inferred location information for an entity changes. As possible/probable future location(s) change, the entity (or their associates, related entities, etc.) is sent event notifications to update the entity (or their associates, related entities, etc.) about relevant events at or near the changed future location(s).

As described, entities can indicate event notification preferences to an event notification service. An event detection infrastructure detects events based on received signals. The notification service monitors detected events. For each detected event, the notification service compares characteristics of the detected event to event notification preferences for one or more entities. Based on the comparisons, the event notification service determines if an event satisfies event notification preferences for any entities. The event notification service notifies entities having satisfied event notification preferences about the event.

Location control 1112 and distance control 1113 can be utilized in tandem to indicate preferences for being notified of events at an entity's current location and/or for being notified of events at an entity's probable future location(s). Also as described, user interface 1111 can include controls for identifying entities to be notified when event notification preferences are satisfied. For example, an entity selecting event notification preferences can select a preference to notify themselves and/or others of relevant events.

In one aspect, an entity registers event notification preferences indicating a desire to be notified of events at or near the entity's current location and/or to be notified of events at or near the entity's predicted future locations. Alternatively, and/or in combination, an entity (e.g., a protectee) registers event notification preferences indicating a desire that another entity (e.g., the protectee's security personnel) be notified of events at or near the entity's current location and/or to be notified of events at or near the entity's predicted future locations. In a further aspect, an entity (e.g., a protectee's security personnel) registers notification preferences indicating a desire to be notified of events at or near another entity's (e.g., the protectee) current location and/or to be notified of events at or near the other entity's predicted future locations. User interface controls associated with location and distance preferences can be used to define an interest in events at or within a specified distance of an entity's current location and/or at or within a specified distance of the entity's probable future location(s). The event notification service can then notify an appropriate entity or entities of relevant events at or near an entity's current location and/or at or near the entity's possible/probable future location(s) as appropriate.

For example, an entity may be interested in accidents (event category preference), within one mile of their current location as they are driving (location and distance range preference), having at least a 75% probability to be true (truthfulness preference), of any severity (severity preference), and desires event notification of accidents that occurred within the last hour (time preference). In another example, an entity on an airplane may be interested in demonstrations (event category preference) in a city where they may be landing within the next hour (location and time preference), having at least a 70% probability to be true (truth preference), and having moderate severity (severity preference). As a further example, a police officer in his/her patrol car may be interested in any crime related events (event category preference) within a half-mile of his/her current location on an ongoing basis as he/she patrols (location and distance range preference), having at least a 60% probability to be true (truth preference), having high severity (e.g., crimes against person) (severity preference), and desires event notification of events that occurred in the last 5 minutes (or in “live time”) (time preference).

If there is an interest in events within a specified distance of an entity's current location, a location awareness module can access location data and/or other location related data corresponding to and/or shared by the entity. The location awareness module uses the location data and/or the other location related data to determine (or at least estimate) the entity's current location. In some aspects, location data (e.g., coordinates of a mobile phone, coordinates of a connected vehicle, location data from a location service, etc.) expressly defines the entity's current location. The location awareness module calculates the entity's location from the location data.

In other aspects, other location related data, such as, for example, navigation maps, map routing data, navigational data, calendar data, travel itineraries, social media data, indirectly indicate an entity's location. The location awareness module infers the entity's current location from the other location related data. In one aspect, artificial intelligence and/or machine learning is used to infer an entity's current location from other location related data.

In general, an event identification module can compare an event location to an entity's current location to determine if an event is relevant to the entity (e.g., in accordance with distance preferences). In one aspect, artificial intelligence and/or machine learning is used to determine if an event is relevant to an entity based on current location.

If there is an interest in events within a specified distance of an entity's future location(s), the location awareness module can access location data and/or other location related data corresponding to and/or shared by the entity. The location awareness module predicts probable future locations of the entity from the location data and/or other location related data. In one aspect, artificial intelligence and/or machine learning is used to infer an entity's probable future location(s) from the location data and/or other location related data. For example, from a flight itinerary, the location awareness module can infer that an entity is to land at a destination in a specified period of time. In another example, from a current location on a highway, vehicle speed, and a map route, the location awareness module can infer that an entity is to arrive in a particular town in a specified period of time.

The event identification module can compare an event location to an entity's probable future location(s) to determine if an event is relevant to the entity (e.g., in accordance with distance preferences). In one aspect, artificial intelligence and/or machine learning is used to determine if an event is relevant to the entity based on probable future location(s).

An event notification module refers to notification preferences to determine how to notify an entity (either about events relevant to them or events relevant to another entity). An entity can be notified via email, via text message, through other messaging infrastructures, by storing an event in durable storage, etc. An event can be formatted for compatibility with entity systems. For example, an event can be stored in a data format requested by an entity.

FIG. 11B illustrates a computer architecture that facilitates identifying relevant events and notifying entities of relevant events. As depicted in FIG. 11B, event identification module 118 includes location awareness module 1179. In general, location awareness module 1179 can access location data and/or other (location related) data for an entity. Location awareness module 1179 can (possibly using artificial intelligence and/or machine learning) determine (or at least estimate) a current location of the entity from the location data and/or other (location related) data. Location awareness module 1179 can also (possibly using artificial intelligence and/or machine learning) predict (or at least estimate) probable future location(s) of the entity from the location data and/or other (location related) data.

As described, user interface 1111 includes location control 1112, distance control 1113, time control 1114, severity control 1116, truth control 1117, and category control 1118. The various controls can be manipulated by an entity to enter event notification preferences. Also as described, user interface 1111 can include controls enabling an entity to select notification mechanisms, such as, text message, email, data file, etc.

Entity 1122 can enter entity input 1151 at user interface 1111 to formulate preferences 1136. Entity 1122 can select, adjust, manipulate, etc. one or more of location control 1112, distance control 1113, time control 1114, severity control 1116, truth control 117, and category control 1118 to formulate preferences 1126. Entity 1122 can also select one or more notification mechanisms at user interface 1111. When entity 1122 completes preference selection, user interface 1111 can store preferences 1136 as preference set 1137 in event preferences database 1109.

Time preferences 1168 can indicate a time delay after which a notification for a relevant event can be sent. In one aspect, time preferences 1168 indicate that entity 1121 desires to be notified of relevant events in “live time” or essentially at “moment zero”. In another aspect, time preferences 1168 indicate that entity 1122 desires to be notified of relevant events after a time delay of between zero and 60 minutes.

As depicted, preference set 1137 includes entity ID 1161 (of entity 1121), location preferences 1162 (e.g., indicating interest in events at entity 1122's current and/or probable future locations), distance preferences 1163, category preferences 1164, severity preferences 1166, truth preferences 1167, and time preferences 1168. For example, preference set 1137 can indicate that entity 1122 is interested in police presence events (category) within a specified distance of his or her location (location preference) within 3 minutes of detection (time preference), that have at least a specified severity, that have a 50% or greater probability of being true.

In one aspect, an application is installed on a mobile phone used by entity 1122. User interface 1111 is included in the application. In another aspect, user interface 1111 is a web-based interface accessed by entity 1122 using a browser.

Entity 1122 can utilize user interface 1111 to formulate other preference sets. Other users can also utilize user interface 1111 or other similar user interfaces to formulate additional preference sets (e.g., at their mobile phones).

From time to time, or on an ongoing basis, event identification module 118 can access entity preference sets 1138, including preference set 1137, from event preferences database 1109. As event identification module 118 receives events, identification module 118 filters event feed 1101 to identify events that entities have defined as relevant in preference sets. Event identification module 118 compares characteristics of received events to entity preference sets 1138 to determine if events satisfy any event preference sets.

As depicted in FIG. 11B, privacy infrastructure 102 spans event infrastructure 103, event notification 116, including event identification module 118 and location awareness module 1179, and user interface 1111. As such, privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: event infrastructure 103, event notification 116, event identification module 118, location awareness module 1179, or user interface 1111.

FIG. 12B illustrates a flow chart of an example method 1250 for identifying relevant events and notifying entities of relevant events. Method 1250 will be described with respect to the components and data depicted in FIG. 11B.

Method 1250 includes receiving an event feed containing a plurality of events, each event detected from one or more signals, each event including an event location, an event category, an event truthfulness, an event severity, and an event time (1251). For example, event notification 116 can receive event feed 101, including event 1101C.

Method 1250 includes accessing entity notification preferences defining events relevant to an entity, the entity notification preferences including category preferences, location preferences, distance preferences, truth preferences, severity preferences, and time preferences, the location preferences and distance preferences collectively indicating that the entity is interested in events within a specified distance of at least one of: the entity's current location or the entity's probable future location, the time preferences defining that the entity desires event notification at least within a specified time period of event detection (1252). For example, from time to time, or on an ongoing basis, event identification module 118 can access entity preference sets 1138, including preference set 1137, from event preferences database 1109.

For an event in the event feed, method 1250 includes comparing characteristics of the event to the entity notification preferences (1253). For example, as event notification 116 receives event feed 1011, identification module 118 filters event feed 1101 to identify events that entities have defined as relevant in preference sets. Event identification module 118 compares characteristics of received events to entity preference sets 1128 to determine if events satisfy any event preference sets. For example, event identification module 118 can compare the characteristics of event 1101C to preference set 1137.

More specifically, method 1250 includes accessing one or more of: location data corresponding to the entity or other location related data corresponding to the entity (1254). Method 1250 includes determining the at least one of: the entity's current location or the entity's probable future location from the one or more of: the location data and the other location related data (1255). Method 1250 includes comparing the event location to the at least one of: the entity's current location or the entity's probable future location (1256).

For example, in one aspect, location preferences 1162 and distance preferences 1163 collectively indicate that entity 1122 is interested in events within a specified distance of their current location. In response, location awareness module 1179 accesses location data 1131 and/or other (location related) data 1132. Location awareness module 179 (possibly using artificial intelligence and/or machine learning) determines (or at least estimates) a current location of entity 1122. Event identification module 118 can (possibly using artificial intelligence and/or machine learning) determine if a location indicated in event 1101C is within the specified distance (defined in distance preferences 143) of entity 1122's current location.

In another aspect, location preferences 1162 and distance preferences 1163 collectively indicate that entity 1122 is interested in events within a specified distance of their probable future location(s). In response, location awareness module 1179 accesses location data 1131 and/or other (location related) data 1132. Location awareness module 1179 (possibly using artificial intelligence and/or machine learning) predicts (or at least estimates) probable future location(s) of entity 1122. Event identification module 118 can (possibly using artificial intelligence and/or machine learning) determine if a location indicated in event 1011C is within the specified distance (defined in distance preferences 1163) of entity 1122's probable future location(s).

Method 1250 includes comparing the event category to the category preferences (1257), comparing the event truthfulness to the truth preferences (1258), and comparing the event severity to the severity preferences (1259). For example, event identification module 118 can compare a category (or categories) indicated in event 1101C to category preferences 1164, can compare a truthfulness indicated in event 1101C to truth preferences 1167, and can compare a severity indicated in event 1101C to severity preferences 1168.

Method 1250 includes determining that the event satisfies the entity notification preferences based on the comparisons (1261). For example, event identification module 118 can determine that event 1101C satisfies preference set 1137. Method 1250 includes notifying the entity of the event in compliance with the time preferences (1262). For example, event notification 116 can send notification 1172 (of event 1101C) to an electronic device (e.g., a mobile phone) associated with entity 1122 in compliance with time preferences 1168. Event notification 116 can also store notification 1172 in durable storage. In one aspect, time preferences 1168 indicate that notifications are to be sent essentially at “moment zero”. As such, event notification 116 can be configured to send a live-feed of situational awareness regarding entity 1122.

In some aspects, method 1250 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules included in one or more of: event detection infrastructure 103, event notification 116, or user interface 1111), such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 1251, 1252, 1253, 1254, 1255, 1256, 1257, 1258, 1259, 1260, 1261, or 1262.
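The following added example (not code from the patent) sketches the comparisons of method 1250 with a scrubbing and removal privacy operation applied before matching, so relevance is decided on the scrubbed event and no user information reaches the notification. The class names, regular expressions, the modelling of the time preference as a maximum event age, and all sample values are assumptions constructed for illustration.

```python
import math
import re
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

EARTH_RADIUS_MILES = 3958.8

# Assumed user-information patterns (email, social handle, US-style phone).
# A production privacy layer would use a vetted detector, not three regexes.
PII_PATTERNS = [
    (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "[email]"),
    (re.compile(r"(?<!\w)@\w{2,}"), "[handle]"),
    (re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"), "[phone]"),
]

@dataclass(frozen=True)
class Event:
    event_id: str
    category: str
    lat: float
    lon: float
    truth: float            # probability the event is true, 0.0 to 1.0
    severity: int           # 1 (less severe) to 5 (more severe)
    detected_at: datetime
    description: str
    reporter: Optional[str] = None   # user information carried by the signal

@dataclass(frozen=True)
class PreferenceSet:
    entity_id: str
    categories: frozenset
    distance_miles: float
    min_truth: float
    min_severity: int
    max_age: timedelta      # assumed reading of the time preference

def scrub_text(text):
    """Replace each user-information match with a neutral token."""
    for pattern, token in PII_PATTERNS:
        text = pattern.sub(token, text)
    return text

def scrub_event(event):
    """Privacy operation: scrub free text and remove the reporter field."""
    return replace(event, description=scrub_text(event.description), reporter=None)

def distance_miles(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points, in miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlam = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))

def satisfies(event, prefs, entity_location, now):
    """Category, location/distance, truth, severity and time comparisons."""
    lat, lon = entity_location
    return (
        event.category in prefs.categories
        and distance_miles(lat, lon, event.lat, event.lon) <= prefs.distance_miles
        and event.truth >= prefs.min_truth
        and event.severity >= prefs.min_severity
        and timedelta(0) <= now - event.detected_at <= prefs.max_age
    )

def notify_relevant(feed, prefs, entity_location, now):
    """Scrub every event first, then match; only scrubbed fields are emitted."""
    notifications = []
    for raw in feed:
        event = scrub_event(raw)
        if satisfies(event, prefs, entity_location, now):
            notifications.append({
                "entity_id": prefs.entity_id,
                "event_id": event.event_id,
                "category": event.category,
                "location": (event.lat, event.lon),
                "detected_at": event.detected_at.isoformat(),
                "description": event.description,
            })
    return notifications

# Constructed sample data: an entity in downtown Salt Lake City.
NOW = datetime(2020, 4, 16, 12, 0, tzinfo=timezone.utc)
ENTITY_LOCATION = (40.7608, -111.8910)
PREFS = PreferenceSet("entity-1", frozenset({"police presence"}), 1.0, 0.5, 2,
                      timedelta(minutes=3))
SAMPLE_FEED = [
    Event("A", "police presence", 40.7650, -111.8900, 0.8, 3, NOW - timedelta(minutes=2),
          "Caller jane.doe@example.com (801-555-0123) reports officers on scene, per @jdoe_slc",
          reporter="jane.doe@example.com"),
    Event("B", "police presence", 40.2338, -111.6585, 0.9, 4, NOW - timedelta(minutes=1),
          "Officers on scene", reporter="@far_away"),      # too far away
    Event("C", "police presence", 40.7610, -111.8905, 0.3, 3, NOW - timedelta(minutes=1),
          "Unconfirmed report"),                           # truth below 50%
    Event("D", "police presence", 40.7610, -111.8905, 0.9, 3, NOW - timedelta(minutes=10),
          "Officers on scene"),                            # older than 3 minutes
]

if __name__ == "__main__":
    for note in notify_relevant(SAMPLE_FEED, PREFS, ENTITY_LOCATION, NOW):
        print(note)
```

Scrubbing before the comparisons keeps raw user information out of the matching path, logs and durable storage alike; scrubbing only at send time would leave it exposed in every earlier stage.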

In one aspect, notification 1172 includes at least some content from event 1101C, such as, for example, a time, a location, a description, and a category (or categories). Entity 1122 may use durable storage to store relevant events over a period of time and subsequently use the stored events in other data processing operations.

If event identification module 118 determines that event 1101C satisfies other additional preference sets, notifications can be sent to entities corresponding to those preference sets. Event notification module 116 can notify other entities in accordance with their notification preferences.

Event identification module 118 and location awareness module 1179, through interoperation with event detection infrastructure 103, event preferences database 1109, and event notification 1116, essentially function as a controller of live data. Accordingly, aspects of the invention allow entities to tailor event notifications to their specific needs and desires and receive event notifications for events they deem relevant (without being bombarded with irrelevant events) in a timely manner.

FIG. 13 illustrates a computer architecture that facilitates notifying of an event at or near the current location of an entity. Entity 1321 can indicate in preferences 1326 (e.g., entered through user interface 1111, 1500, or another similar user interface) a desire to be notified of events within distance range 1343 of entity 1321's current location. Alternately or in combination, entity 1321 can indicate in preferences 1326 a desire to notify entity 1322 of events within distance range 1343 of entity 1321's current location. In another aspect, entity 1322 indicates in preferences 1326 a desire to be notified of events within distance range 1343 of entity 1321's current location.

From raw signals 121, including raw signals originating in area 1344, data ingestion 101 and event detection 103 can interoperate to detect event 1324. Location awareness module 1179 can access location information 1331 for entity 1321 (e.g., a mobile phone location, travel itinerary, etc.). Location awareness module 1379 can (possibly using artificial intelligence and/or machine learning) derive a current location of entity 1321.

Event identification module 118 can access preferences 1326. Event identification module 118 can (possibly using artificial intelligence and/or machine learning) determine that event 1324 is within distance range 1343 of entity 1321 (and otherwise satisfies preferences 1326). Event notification module 116 can send notification 1371 to entity 1321 to notify entity 1321 of event 1324. Alternately or in combination, event notification module 116 can also send notification 1371 (or a different notification) to entity 1322 to notify entity 1322 of event 1324. Notification 1371 can be an electronic message sent to one or more mobile phones.

FIG. 14 illustrates a computer architecture that facilitates notifying of an event at or near a predicted future location of an entity. Entity 1421 can indicate in preferences 1426 (e.g., entered through user interface 1111, 1500, or another similar user interface) a desire to be notified of events within a specified distance range of entity 1421's probable future locations. Alternately or in combination, entity 1421 can indicate in preferences 1426 a desire to notify entity 1422 of events within distance range 1443 of entity 1421's current location. In another aspect, entity 1422 indicates in preferences 1426 a desire to be notified of events within distance range 1443 of entity 1421's current location.

From raw signals 121, including raw signals originating in area 1444, data ingestion 101 and event detection 103 can interoperate to detect event 1424. Location awareness module 1179 can access location information 1431 for entity 421 (e.g., a speed and direction of travel). Location awareness module 1179 can (possibly using artificial intelligence and/or machine learning) predict movement of entity 1421 into area 1444 in the future (e.g., in the next 1-3 minutes).

Event identification module 118 can access preferences 1426. Event identification module 1118 can (possibly using artificial intelligence and/or machine learning) determine that event 1424 is occurring in area 1444 (and otherwise satisfies preferences 1426). Event notification module 116 can send notification 1471 to entity 1421 to notify entity 1421 of event 1424. Alternately or in combination, event notification module 116 can also send notification 1471 (or a different notification) to entity 1422 to notify entity 1422 of event 1424. Notification 1471 can be an electronic message sent to one or more mobile phones.

Accordingly, aspects of the invention can notify an entity about events potentially impacting places and/or people. In one aspect, appropriate parties are notified of events occurring in an entity's current or probable future locations to increase situational awareness.

As depicted in FIGS. 13 and 14, privacy infrastructure 102 spans data ingestion modules 101, event detection infrastructure 103, event notification 116, and event identification module 118, including location awareness module 1179. As such, privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: data ingestion modules 101, event detection infrastructure 103, event notification 116, event identification module 118, or location awareness module 1179.

FIG. 15 depicts an example user interface 1500 that facilitates selecting event notification preferences. User interface 1500 is one possible representation of user interface 1111. As depicted, user interface 1500 includes category controls 1501, location controls 1502, time control 1503, truth control 1504, and severity control 1505. In general, an entity can manipulate controls in user interface 1500 to indicate event notification preferences. An entity can manipulate category controls 1501 to indicate a preference for being notified of different categories of events. An entity can manipulate location controls 1502 to indicate a preference for being notified of events at specified locations. As depicted, an entity has indicated interest in various buildings in the Salt Lake City, Utah area.

An entity can manipulate time control 1503 to indicate a preference for being notified of events within a specified time frame after event occurrence, including “live time” or essentially at “moment zero”. An entity can manipulate truth control 1504 to indicate a preference for being notified of events with at least a requisite truthfulness ranging from any truthfulness to 100% truthfulness. An entity can manipulate severity control 1505 to indicate a preference for being notified of events with at least a requisite severity ranging from severity 1 (less severe) to severity 5 (more severe).

Preferences selected through user interface 1500 can be stored in an event preferences database, such as, for example, event preferences database 1109. Further, when an entity is notified of an event, the entity may take some action in response to the notification, such as, dismissing the event, following further evolution of the event, etc. Entity action can be used as feedback to provide suggestions to the entity. For example, if an entity repeatedly dismisses accident events, the system may suggest that the entity remove “accident” as an event notification category.

Event Impact

In one aspect, components facilitating impact prediction and relevant entity notification are integrated with data ingestion modules 101 and an event detection infrastructure 103. An impact prediction module can predict impacts (e.g., disruptions) likely to be caused by an event. The impact prediction module can maintain an event history database of prior events and corresponding impacts. As new events are detected, the impact prediction module can refer to the event history database and compare the new events to prior events.

The impact prediction module can formulate predicted impacts of new events based on impacts of prior similar events. Predicted impacts can be on specified types of entities in an impacted area. Specified entities can include hospitals, blood banks, delivery services, etc. Impacted areas can include a geographic region within a specified distance of an event, a direction of travel on a roadway, a specific entity (e.g., a specialty medical facility), etc.

The impact prediction module can send predicted impacts, including impact types and areas, to an impact notification module. The impact notification module can refer to an entity database that stores entity types and entity locations. The impact notification module can compare impact types and impact areas to entity types and entity locations to identify entities likely to be affected by one or more predicted impacts of an event. The impact notification module can notify the identified entities that they are likely to be affected by one or more predicted impacts of an event.

Entities notified of an event may or may not be notified of a likely impact of the event. Similarly, entities notified of a likely impact of an event may or may not be notified of the event. For example, a news station may be notified of an accident but not notified of potential traffic congestion caused by the accident. On the other hand, a hospital may not be notified of a shooting event but may be notified to expect multiple victims injured during the shooting.

FIG. 16 illustrates a computer architecture that facilitates predicting event impact and notifying relevant entities. As depicted, event detection infrastructure 103 generates event feed 1601, including events 1601A, 1601B, etc. Each event can include an event ID, a time, a location, a description, a category or categories (context), a severity, and a truthfulness.

As described, detected events can be of interest (or relevant) to entities, such as, for example, first responders, hospitals, blood banks, delivery services, media outlets, government entities, government agencies, etc. based on one or more of an event ID, an event time, an event location, an event category, an event severity, and an event description. Event detection infrastructure 103 can send event feed 1601 to event notification 116 and to impact prediction module 1606. Event notification 116 can notify one or more entities 1661 of relevant events in event feed 1601 using described mechanisms.

Impact prediction module 1606 is configured to predict disruptions likely to be caused by an event. Impact prediction module 1606 can maintain event history database 1607 of prior events and corresponding impacts. Per event, for example, prior events 1626A and 1626B, event history database 1607 can store event category, event time, event location, event description, event severity, and impact(s).

As new events are detected, impact prediction module 1606 can refer to event history database 1607 and compare characteristics of the new events to characteristics of prior events. Impact prediction module 1606 can formulate predicted impacts of new events based on impacts of prior similar events. Predicted impacts can be on specified types of entities in an impacted area. Specified entities can include hospitals, blood banks, delivery services, etc. Impacted areas can include a geographic region within a specified distance of an event, a direction of travel on a roadway, a specific entity (e.g., a specialty medical facility), etc. Geographic features of a location, such as whether the location is in a flood plain, is historically subject to wildfires, or is on a fault line, can also be considered.

As depicted in FIG. 16, privacy infrastructure 102 spans data ingestion modules 101, event detection infrastructure 103, event notification 116, impact prediction module 1606, and impact notification module 1608. As such, privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: data ingestion modules 101, event detection infrastructure 103, event notification 116, impact prediction module 1606, or impact notification module 1608.

FIG. 17 illustrates a flow chart of an example method 1700 for predicting event impact and notifying relevant entities. Method 1700 will be described with respect to the components and data depicted in FIG. 16.

Method 1700 includes receiving an event feed containing a plurality of events, each event detected from one or more normalized signals, each event including an event category, an event time, an event location, an event description, and an event severity (1701). For example, impact prediction module 1606 can receive event feed 1601. Method 1700 includes selecting an event from among the plurality of events (1702). For example, impact prediction module 1606 can select event 1601A from event feed 1601.

Method 1700 includes comparing characteristics of the event to characteristics of a plurality of prior events, including comparing one or more of: the event category, the event time, the event location, the event description, and the event severity to a corresponding one or more of: an event category, an event time, an event location, an event description, and an event severity of each of the prior events (1703). For example, impact prediction module 1606 can compare characteristics of event 1601A to characteristics of prior events 1626A, 1626B, etc. More specifically, impact prediction module 1606 can compare time, category or categories, location, description, and severity included in event 1601A to time, category or categories, location, description, and severity included in prior events 1606A, 1606B, etc.

Method 1700 includes identifying sufficient similarity between the event and one or more prior events based on the comparisons (1704). For example, impact prediction module 1606 can identify sufficient similarity between characteristics of event 1601A and characteristics of prior event 1626B.

Method 1700 includes predicting one or more impacts of the event on one or more entities based on known impacts associated with the one or more prior events and in view of the identified sufficient similarity (1705). For example, impact prediction module 1606 can predict that event 1601A is likely to cause impacts similar to prior event 1626B. The prediction can be based on known impacts associated with prior event 1626B and in view of the similarities between characteristics of event 1601A and characteristics of prior event 1626B. For example, a multi car accident with multiple injuries and multiple fatalities at a particular mile marker on a highway during rush hour is likely to cause impacts similar to impacts caused by prior multi car accidents with multiple injuries and multiple fatalities near the same mile marker on the highway during rush hour.

A predicted impact can be of a specified impact type and can impact a specified location or area. For example, impact prediction module 1606 can formulate predicted impacts 1631 of event 1601A, including impact type 1641/impact area 1642, impact type 1643/impact area 1644, etc. An event can cause multiple impact types in multiple impact areas. For example, a mass shooting can impact one or more hospitals and one or more blood banks. The one or more hospitals and one or more blood banks may be in different locations.

In one aspect, time adjustments or location adjustments are made to event data from event 1601A relative to event data from prior events 1626A, 1662B, etc. Impact prediction module 1606 extrapolates, predicts, or accesses any uncertainty in event data from prior events 1626A, 1662B, etc. relative to event data in event 1601A. Impact prediction module 1606 extrapolates predicted impacts 1631 based on the uncertainty. Accounting for uncertainty, impact prediction module 1606 can compensate for differences in event data.

For example, if event 1601A is similar to event 1626A but the locations of event 1601A and 1662A differ by half a mile, impact prediction module 1606 can consider the difference in location when deriving predicted impacts 1631. Similarly, if event 1601A is similar to event 1626B but happened an hour earlier (or later) in the day, impact prediction module 1606 can consider the difference in time of day when deriving predicted impacts 1631. Impact prediction module 1606 can give similar consideration to day of week, holidays, etc. For example, an event that happens on a weekend or holiday can have a different impact than a prior event that happened on a weekday or vice versa.

Method 1700 includes notifying each of the one or more entities of at least one predicted impact (1706). For example, impact prediction module 1606 can send predicted impacts 1631 to impact notification module 1608. Impact notification module 1608 can formulate impact notification(s) 1633. Impact notification module 1608 can send impact notification(s) 1633 to entities 1661B and 1661C. Impact notification 1633 can notify entities 1661B and 1661C of predicted impacts 1631, including impact type 1641/impact area 1642, impact type 1643/impact area 1644, etc.

Entity database 1609 stores entity type and entity location per entity. For example, entity database 1609 stores type 1662A and location 1663A for entity 1661A, stores type 1662B and location 1663B for entity 1661B, etc. Entity location may be dynamic if an entity is mobile, such as, for example, a delivery truck.

Impact notification module 1608 can refer to an entity database 1609. Impact notification module 1608 can compare impact types and impact areas to entity types and entity locations to identify entities likely to be affected by one or more predicted impacts of an event. For example, impact notification module can compare impact type 1641/area 1642 to type 1662A/location 1662B, to type 1662B/location 1663B, etc. Similarly, impact notification module 1608 can compare impact type 1643/area 1644 to type 1662A/location 1662B, to type 1662B/location 1663B, etc. Based on the comparisons, impact notification module 1608 can identify entities 1661B and 1661C as being impacted by event 1601A.

In some aspects, method 1700 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules included in one or more of: data ingestion modules 101, event detection infrastructure 103, event notification 116, impact prediction module 1606, or impact notification module 1608) such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 1701, 1702, 1703, 1704, 1705, or 1706.

Concurrently, event notification 116 can send event notification 1632 to entities 1661A and 1661B to notify entities 1661A and 1461B of event 1601A. As such, entity 1661A is notified of event 1601A but not predicted impacts of event 1601A. Entity 1661B is notified of both event 1401A and predicted impacts of event 1401A. Entity 1661C is not notified of event 1601A but is notified of predicted impacts of event 1601A.

In one aspect, entities register to receive predicted impacts. Predicted impacts can be included in a user interface similar to user interface 1111 or 1500. Preferences for predicted impact notifications can be stored in preferences database 1109 or another similar database. Impact identification module 1606 and/or impact notification module 1608 can filter predicted impacts based on entity preferences (similar to event identification module 1118 filtering events based on entity preferences). In some aspects, the functionality of impact prediction module 1606 and/or impact notification module 1608 are integrated into event notification 116 or vice versa.

Event 1601A can also be stored as a prior event in event history database 1607 along with predicted impacts 1631. Impact prediction module 1606 can use event 1601A and predicted impacts 163 when predicting impacts of other events detected after event 1601A.

Aspects of the invention predict impacts (e.g., disruptions) caused by events and notify relevant entities of predicted impacts (e.g., entities likely to be disrupted by predicted impacts). Timely notification of predicted impacts allows entities to better prepare for and/or take measures to address the predicted impacts so that the entities can respond to an event more efficiently and effectively.
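
The flow of method 1700 with a privacy operation applied before the comparison step can be sketched as follows. This is an added example, not code from the patent: the redaction patterns, the similarity weights and thresholds, the route/mile-marker location model, and all sample events and entities are constructed assumptions.

```python
import re
from dataclasses import dataclass, replace

PLACEHOLDER = "[REDACTED]"
# Assumed user-information patterns: e-mail address, phone number, social handle.
_USER_INFO = re.compile(
    r"[\w.+-]+@[\w-]+\.[\w.]+"
    r"|\+?\d[\d\s().-]{7,}\d"
    r"|@\w+"
)

def scrub(text):
    """Privacy operation: replace user information with a placeholder."""
    return _USER_INFO.sub(PLACEHOLDER, text)

@dataclass(frozen=True)
class Event:
    category: str
    hour: int             # local hour of day
    weekend: bool
    route: str
    mile: float           # mile marker on the route
    description: str
    severity: int         # 1 (minor) .. 5 (critical), assumed scale
    impacts: tuple = ()   # (impact_type, impact_area) pairs

def _words(event):
    return set(event.description.lower().split()) - {PLACEHOLDER.lower()}

def similarity(new, prior, max_miles=2.0, max_hours=3):
    """Score 0..1; location and time differences lower the score (assumed weights)."""
    if (new.category, new.route, new.weekend) != (prior.category, prior.route, prior.weekend):
        return 0.0
    miles = abs(new.mile - prior.mile)
    gap = abs(new.hour - prior.hour)
    hours = min(gap, 24 - gap)
    if miles > max_miles or hours > max_hours:
        return 0.0
    a, b = _words(new), _words(prior)
    text = len(a & b) / len(a | b) if a | b else 0.0
    sev = 1 - abs(new.severity - prior.severity) / 4
    return round(0.25 * (text + sev + (1 - miles / max_miles) + (1 - hours / max_hours)), 3)

def predict_impacts(new, history, threshold=0.6):
    """Steps 1703-1705: carry over impacts of sufficiently similar prior events."""
    predicted = {}
    for prior in history:
        score = similarity(new, prior)
        if score >= threshold:
            for impact in prior.impacts:
                predicted[impact] = max(score, predicted.get(impact, 0.0))
    return predicted

def notify(predicted, entities):
    """Step 1706: match impact type/area against entity type/location."""
    return [(e["name"], itype, area, conf)
            for (itype, area), conf in predicted.items()
            for e in entities
            if e["type"] == itype and e["area"] == area]

def predict_and_notify(raw_event, history, entities):
    # Privacy operation runs before comparison, storage and notification.
    event = replace(raw_event, description=scrub(raw_event.description))
    predicted = predict_impacts(event, history)
    history.append(replace(event, impacts=tuple(predicted)))  # stored as a prior event
    return notify(predicted, entities)

# Constructed sample data.
HISTORY = [
    Event("accident", 17, False, "I-15", 297.0,
          scrub("multi car accident multiple injuries reported by @jdoe_slc call 801-555-0100"),
          4, (("hospital", "downtown"), ("delivery service", "I-15 corridor"))),
    Event("accident", 3, False, "I-15", 297.2, "single car rollover", 2,
          (("tow service", "I-15 corridor"),)),
]
NEW_EVENT = Event("accident", 18, False, "I-15", 297.5,
                  "multi car accident multiple injuries witness jane@example.com", 4)
ENTITIES = [
    {"name": "General Hospital", "type": "hospital", "area": "downtown"},
    {"name": "Parcel Fleet 7", "type": "delivery service", "area": "I-15 corridor"},
    {"name": "Blood Bank East", "type": "blood bank", "area": "east side"},
]

if __name__ == "__main__":
    for note in predict_and_notify(NEW_EVENT, list(HISTORY), ENTITIES):
        print(note)
```

Because scrubbing happens before the event is compared or stored, neither the history database nor any impact notification derived from it can carry the original user information.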

Further Embodiments

In general, users can customize their experience by writing rules to get notifications when relevant events (e.g., events they care about) are detected. A notification system monitors detected events. Detected events are compared to user rules. When a detected event matches a user rule, the user is notified of the detected event.

In this description and the following claims, a “reverse search” is defined as a search where the search query remains static and the searched data corpus is dynamic. In one aspect, the search data corpus is detected events. As events are detected, the detected events are checked (filtered) to determine if they satisfy (match) any search queries. For example, a user can formulate a query. Characteristics of detected events can be compared to the query. The user is notified of detected events that match the static query.

A reverse search can be a multi-dimensional reverse search where multiple dimensions of a static query are checked. Thus, a multi-level reverse search technique can be used to identify events relevant to a user. In one aspect, a multi-dimensional reverse search is a two-dimensional reverse search, including a rule matching dimension and a location matching dimension. If a detected event matches a user rule and is within a specified geo-boundary, the user is notified of the detected event.

A user can configure a rule to include one or more rule conditions. A user can combine rule conditions using rule operators, such as, for example, disjunctive operators, conjunctive operators, etc. For example, a Boolean “OR” (disjunctive), a Boolean “AND” (conjunctive), etc. can be used to combine rule conditions. A user can formulate a rule that includes a single rule condition. A user can also formulate a rule that links a plurality of rule conditions together using one or more disjunctive operators and/or one or more conjunctive operators. As such, a user can tailor rules of varied complexities and/or for specific purposes.

In one aspect, a rules engine allows users to create and modify rules to get notifications when events or trends happen. A rule can be defined by a rule type, events, locations, areas, notification settings, and a name. In some aspects, other rule definitions can be utilized. The rules engine can include a formula bar where rules can be defined.

A formula bar can include sections (e.g., fields) for each rule part that get updated as the user defines them. The defined rule parts can include rule types, events, locations, areas, etc. Rule types can include a value of Event Based.

An events section reports the name of the event linked together by AND/OR. For example, Shooting OR Bomb Threat OR Stabbing. A location section reports the name of one or more selected locations. When a user selects multiple locations, the Locations section reports each location with an “and” in between (e.g., Schools and Hospitals). If more than 2 events, the section reports the first two events and then “[number of events] more events” (e.g. Shooting AND bombing, 5 more events). On hover, additional (e.g., all) monitored events are shown in a tooltip.

A locations section reports the name of selected location(s). If the user selects multiple locations, the Locations section reports each location with an “and” in between (e.g. Schools and Hospitals). If there are more than two locations names, the section reports the first two location names and then “[number of locations] more location types” (e.g. Schools, Hospitals and 5 more location types). On hover, some or all monitored location types can be presented in a tooltip.

An areas section reports the name of areas (e.g., cities, counties, states or custom areas). When a user selects multiple areas, the Areas section reports each area with an “and” between (e.g., Salt Lake City and Provo). If there are more than two areas selected, the section reports the first two area names and then “[number of areas] more areas” (e.g. Salt Lake City, Provo, and 5 more areas). On hover, some or all areas are shown in a tooltip.

For example, FIG. 18 shows a user interface element 1800 illustrating a summary of a rule that is in process of being created or defined by an entity or a user (as used herein, an operator of the described rules engine or user interfaces may be referred to as a user, entity, operator, etc.) As depicted, UI element 1800 includes a progress indicator 1802 that can be used to indicate for the entity how much of a rule completion process has been completed. As depicted, 80% of the rule has been configured. In some aspects, a rule is usable any time any of the configuration parameters have been set. In other aspects, an entire configuration may be required in order to have the rule function to generate notifications for the entity.

UI element 1800 also includes rule type parameters 1804, event parameters 1806, location parameters 1808, areas parameters 1810, and notifications parameters 1812. Depending on the parameter, operators may also be depicted to help an entity understand at a glance how a particular configuration parameter functions. For example, event parameters 1806 include AND operator 1814 and OR operator 1816 to illustrate the operators selected within the events configuration.

Event parameters 1806 are configured such that to meet rule conditions, a “temperature above 100 F” must be detected along with either a “power outage” or a “flood.”
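
The two-dimensional reverse search described above, using the rule formula of event parameters 1806, can be sketched as follows. This is an added example, not code from the patent: the tuple encoding of formulas, the circular geo-boundary, the per-weekday notification windows, and all rule names, coordinates and events are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Optional

# A formula is a category name or a tuple ("AND" | "OR", operand, operand, ...).
def formula_matches(formula, categories):
    """Rule-matching dimension: evaluate the formula against an event's categories."""
    if isinstance(formula, str):
        return formula in categories
    op, *operands = formula
    results = [formula_matches(o, categories) for o in operands]
    if op == "AND":
        return all(results)
    if op == "OR":
        return any(results)
    raise ValueError(f"unsupported operator: {op!r}")

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

@dataclass
class Rule:
    name: str
    formula: object
    center: tuple                    # (lat, lon); geo-boundary modelled as a circle
    radius_km: float
    schedule: Optional[dict] = None  # weekday (0=Mon) -> (start_hour, end_hour); None = any time

@dataclass
class Event:
    categories: frozenset
    lat: float
    lon: float
    when: datetime

def in_schedule(rule, when):
    """Notification preference: 'any time' or specific hours on specific days."""
    if rule.schedule is None:
        return True
    window = rule.schedule.get(when.weekday())
    return window is not None and window[0] <= when.hour < window[1]

def reverse_search(rules, event):
    """The rules are the static queries; each newly detected event is checked against them."""
    hits = []
    for rule in rules:
        if not formula_matches(rule.formula, event.categories):
            continue                 # rule-matching dimension failed
        if haversine_km(*rule.center, event.lat, event.lon) > rule.radius_km:
            continue                 # location-matching dimension failed
        if in_schedule(rule, event.when):
            hits.append(rule.name)
    return hits

# Constructed sample rules and events.
SLC = (40.7608, -111.8910)
SCHOOL_HOURS = {0: (8, 18), 1: (8, 18), 2: (8, 18), 3: (8, 18), 4: (8, 12)}
RULES = [
    Rule("heat-outage",
         ("AND", "temperature above 100 F", ("OR", "power outage", "flood")),
         SLC, 10.0),
    Rule("school-hours", ("OR", "shooting", "power outage", "flood"),
         SLC, 2.0, SCHOOL_HOURS),
]
HOT = "temperature above 100 F"
EVENTS = [
    Event(frozenset({HOT, "flood"}), 40.77, -111.90, datetime(2024, 7, 10, 14, 0)),  # Wednesday
    Event(frozenset({HOT, "flood"}), 40.77, -111.90, datetime(2024, 7, 12, 13, 0)),  # Friday
    Event(frozenset({HOT}), 40.7608, -111.8910, datetime(2024, 7, 10, 14, 0)),
    Event(frozenset({HOT, "power outage"}), 40.2338, -111.6585, datetime(2024, 7, 10, 14, 0)),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(sorted(ev.categories), "->", reverse_search(RULES, ev))
```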

Additional visualization techniques can be used separately from or in conjunction with operators 1814 and 1816 to indicate how event parameters are grouped. For example, grouping element 1818 links elements connected by AND operator 1814 and the grouping element 1820 links the elements within the OR operator 1816.

In general, different visualizations can be utilized in order to help an entity understand, visually, how their rules are configured and can be triggered to create notifications.

UI element 1800 also includes an exit button 1826 and a rule configuration button 1824.

In FIG. 18, UI element 1800 is shown isolated from other user interface elements. However, UI element 1800 may be presented along with and/or as a sub-component within other user interfaces as depicted in and described with respect to other figures.

FIG. 19A illustrates an alternative view of a rule builder 1900. Rule builder 1900 may include the same kinds of information as UI element 1800, but in an editable format. For example, a user may select rule configuration button 1824 and be transitioned to rule builder 1900 to further configure or alter the present configuration of a rule.

Rule builder 1900 depicts a rule title 1902 (e.g., “FULL RULE”) along with various rule parameters and corresponding values. Each of rule type parameters 1804, events parameters 1806, locations parameters 1808, areas parameters 1810, and notification preferences parameters 1812 can be presented along with an edit control. For example, edit control 1904 can be selected to edit rule type parameters 1804 and edit control 1914 can be selected to edit notification preferences 1812. Upon selection of an edit control, an authorized entity can alter a rule parameter thereby altering the configuration of the rule. Selecting an edit option may open an additional UI interface element—such as a modal dialog—where the entity can change parameters of the particular rule component, save the change, and return to rule builder 1900 to modify additional parameters of other rule components if desirable.

Upon completing rule configuration, the entity may select close button 1906 to return to another UI element. Rule builder 1900 may also include additional features such as a cancel option whereby recent modifications to the rule may be discarded. Rule versioning control may also be implemented such that an entity can select an interface item to see a prior version of the present rule and, in some embodiments, revert a rule back to a prior version.

In FIG. 19B, rule builder 1900 is depicted with different parameter values relative to the parameter values depicted in FIG. 19A. For example, events 1806 have been modified to include “Shooting” and a Boolean “OR” operator with events categorized as “Robbery.” As previously described, because the OR operator has been invoked, events categorized as shooting or robbery can satisfy this configuration parameter. A single event may satisfy both parameters or only one or the other parameter.

Events 1806 can also include a visual indication of shooting sub-event types 1910 and robbery sub-event types 1912. An entity may select a broad category such as shooting or robbery that includes various sub-event types within that category. It is also possible that an entity may build a configuration parameter by selecting sub-event types (e.g., “shots fired” or “mass shooting”) and based on the relationship to the broad category, they may be presented in a nested form as depicted. As such, values shown within event parameters 1806 may be populated based on an entity selection of individual sub-types or by an entity selecting a broad category that includes one or more sub-types.

In some embodiments, the relationship between categories and sub-types may be visually presented using UI elements such as bolding, colors, typographical changes, icons, or other visual indicators that allow an entity to recognize the relationship between the category and the one or more sub-types within that category.

Similarly, the relationship between elements that have been joined using Boolean operators may also be presented using UI elements such as bolding, colors, typographical changes, icons, or other visual indicators that allow an entity to recognize how the criteria are linked.

In another embodiment, full rule 1900 may be shown when the user selects a “Show Full Rule” button on an interface such as UI 1800 from FIG. 18. Upon selection, Full Rule 1900 may be presented as a modal dialog to list additional or all detail associated with a rule. As used herein, a modal dialog is a UI element that presents itself above at least one other UI element as the result of a user interaction.

In some embodiments, the modal dialog is a true modal dialog in that it requires the entity to perform a conclusive activity (e.g., close, save, exit) in order to dismiss the modal dialog and return to prior screens of the application. In such an embodiment, underlying UI elements may be partially or fully obscured in order to help the entity understand that the modal dialog has been created and requires the entity's attention in order to progress.

In other embodiments, the modal dialog may be a soft modal in that the entity is still able to interact with other portions of the application while the soft modal is present. In such embodiments, certain elements may still behave as if the full rule modal is a true modal. For example, the UI 1800 may not be editable while full modal 1900 is present while other aspects of the application are still interactive and, in some instances, editable.

In another embodiment, UI element 1800 may include an indication that the associated rule is not fully configured. For example, UI element 1800 in FIG. 18 does not have notification parameter 1812 set. In such cases, UI element 1800 may include an indication that the user/entity has not yet defined that particular parameter i.e., the “notification configuration.” In some embodiments, an edit UI element may be presented along-side the particular configuration option that has not been set such that, upon selection, the entity is taken directly to that step.

Referring now specifically to the notification preferences 1914, time preference parameters may be configured according to the “any time” configuration 1914a (in FIG. 19A) or according to a more granular configuration 1914b (in FIG. 19B). In more granular configuration 1914b, an entity can configure notifications to occur on certain days and during certain times during those days. For example, in a more granular configuration, a notification can be provided to a user when there is a match to the rule type, events, locations, and areas entered by the user during the notification period(s) configured in the notification preferences parameters.

As an example, suppose a rule was configured for identifying particular events near a school. In such instances, an event can be triggered by understanding that the event—such as a shooting, power outage, flood, etc.—occurs during a time when students are in the school. Outside of those times, the event may be of interest but perhaps not in conjunction with its proximity to the school. Accordingly, a user may set notification preferences 1914 in the configuration shown in granular configuration 1914b, which is set to one example of times school may be in session (e.g., Monday through Thursday from 8 am to 6 pm and Friday 8 am to 12 pm).

Alternatively, the entity may select notification preferences according to any time configuration 1914a to be notified of the satisfaction of the other rule configuration elements regardless of the time or day of their occurrence.

Turning now to FIGS. 20A through 20I, FIGS. 20A through 20I depict an example progression through rule creation. Description of elements and/or features in a specified figure among FIGS. 20A-20I may also apply to other figures among FIGS. 20A-20I even when not expressly described in conjunction with those other figures.

FIG. 20A depicts rule summary pane UI 2000 (summarizing progression of a rule) along with rule type configuration UI 2002A. FIG. 20B depicts rule summary pane UI 2000 along with event configuration UI 2002B. FIG. 20C depicts rule summary pane 2000 along with locations configuration UI 2002C. FIG. 20D depicts rule summary pane UI 2000 along with areas configuration 2002D. Rule summary pane UI 2000 may also be referred to as summary 2000, summary pane 2000, pane 2000, or the like.

As depicted, pane 2000 includes a rule configuration button 2001, progress visualization 2018, and rule parameter status icons 2016, 2019, 2021, 2023, and 2025. As will be discussed, the progress visualization 2018 and the various status icons provide visual information about rule progression as well as individual rule parameters as they are successfully configured.

In general, UI 2002A, UI 2002B, UI 2002C, and UI 2002D can include UI elements similar to (or even the same as) one another. However, UI elements in UI 2002A, UI 2002B, UI 2002C, and UI 2202D may include different information (e.g., different values) even though the UI frame/element/structure are similar (or even the same). Pane 2000 can be used to visually represent rule creation/configuration progression. In FIG. 20A, summary 2000 (e.g., initially) indicates that a rule is 0% configured.

Rule type configuration UI 2002A depicts additional details related to rule creation/configuration. More specifically, “Step 1: rule type” 2004 includes UI elements for selecting a rule type and corresponds to rule type 2006.

Rule type configuration UI 2002A includes a link or UI control 2008. Selecting the link or UI control 2008 can cause the full rule to be presented. For example, in response to selection of UI control 2008, a modal dialog similar to those described with respect to FIGS. 19A and 19B can be presented. This may be beneficial to a user that is familiar with the rule configuration workflow and wants to configure configuration elements in a sequence different than a pre-defined workflow (e.g., configuring “areas” prior to “events.”)

As depicted, rule type configuration UI 2002A also includes parameter area 2010. As depicted throughout FIGS. 20A through 20I, Parameter area 2010 is a user interface element that can be populated with parameters that are contextually appropriate or necessary for the current parameter being configured (e.g., rule type, events, locations, areas, or notifications). UI 2002A (i.e., a UI related to rule type) parameter area 2010 can include details, selections, configurations, etc., that are related to “rule type” configuration. A single “rule type” configuration element is available to the user. Other types of “rule types” may be available, for example, depending on the particular entity or user or on other factors.

Within UI 2002A, an entity is permitted to select “event based” as rule type 2006. UI 2002A can also present other rule information to help an entity understand that the rule type being created is an event based rule. As used herein, a notification can be triggered when characteristics of a (e.g., live) event match a rule formula defined for an event based rule.

An event may be considered a “live” event even if there is some processing delay associated with signal ingestion, signal normalization, event detection or other related signal processing. In one embodiment, a live event is defined as an event that is within a particular time frame of a time indicated in a raw signal timestamp. For example, a live event can be identified as an event that occurred within 1 hour of a “created_at” timestamp applied to a signal at the source of the signal. Other varied and dynamic definitions of “live” can also be used. For example, different permissible processing delay times can be used for different types of events. Permissible processing delay times can also be elastic based on system load (e.g., increasing and decreasing as system load increases and decreases respectively). Thus, over time what is considered a “live” event may change.

In some embodiments, a rule configuration workflow transitions to a next configuration UI upon successful completion of a prior configuration UI. For example, the user may be taken from rule type configuration UI 2002A associated with “step 1” to event configuration 2002B associated with “step 2” depicted in FIG. 20B upon completing UI 2002A.

In other embodiments, a user affirmatively steps through configuration UIs using navigation controls. Navigation controls can include one or more of: next button 2012, back button 2014, a “Skip” button, etc. The “Skip” button can be used to skip portions of rule configuration. The user can select the skip button to move to the next step.

Upon transitioning from one configuration UI to the next—either automatically or through express navigation—a configuration UI is updated with contextual information relevant to another rule portion. As depicted in FIG. 20B, configuration window 2002B includes events UI elements. Step identifier 2004 is updated to “Step 2: Events” to correspond to configuration element 2017 in pane 2000. Back button 2014 is presented within configuration window 2002B allowing the entity to return to UI 2002A (which, in this example, is considered a prior step).

Pane 2000 is also updated in a number of ways in association with the transition to step 2. For example, in UI 2000 status identifier 2016 is updated to indicate completion of rule type configuration (i.e., in this example, the prior step). As depicted, a check mark is included in a checkbox. However, status identifier can include any suitable visual indication to indicate completion (or non-completion) including other UI elements, colors, highlighting, typography, nesting, etc.

Parameter area 2010 is also updated to include the configuration parameters that are contextually relevant to the current configuration element. In this exemplary embodiment, step 2 includes selecting configuration parameters relating to one or more event types to be monitored. This could be a single event type, or any number of event types chained together by AND/OR logic. Events (including Computer Aided Dispatch (CAD) incident codes) can be displayed in the selection area. Parameter area 2010 can scroll to support a virtually unlimited number of event types (e.g., hundreds or thousands). While AND/OR operators are used extensively within the descriptions of Figures 20A through 20I, it is understood that other types of operators are possible such as NOT, or conditional operators such as IF and ELSE IF. Additional operators may be available to configure additional types of relationships and rule criteria.

In some embodiments, category tags and/or incident (e.g., CAD) codes are displayed in parameter area 2010. Menu headers can be category tags and/or the incident codes and can be displayed based on a user's language selection.

Search field 2020 allows a user to search for and select event types that are available for matching and notification. In some embodiments, logic/programs process data entered into search field 2020 facilitating “fuzzy” searches on the event name and/or category name to help a user identify event types related to a search term. In some embodiments, fuzzy searches may include suggesting particular event types that are related to a search term in ways other than predefined relationships. For example, if two different event categories are often included in a single rule, when one of the event types is searched for, the related event type may be included in a listing of suggested event types to add to the rule.

In some embodiments, these suggestions may be based on a user role, entity relationship, access control, or historical understanding of rules the user has created.

In some embodiments, search field 2020 plays an enhanced role in assisting a user select event types. UI 2002B can be configured to utilize search field 2020 as the primary tool for populating event types in parameter area 2010. Focus can be placed on search terms entered into search field 2020 when UI 2002B is presented and then after an event is added.

Events may be arranged hierarchically, for example, in a parent/child arrangement. When a user selects a parent event (e.g., Accident), one or more (or all) children events may also be automatically selected (e.g., Fatal Accident, Injury Accident, Hit and Run, etc.). In one embodiment, a UI element represents an event type (e.g., parent) that includes one or more event sub-types (e.g., children). When the UI element is selected, an additional configuration pane can be presented for selecting any (and up to all) event sub-types.

Event sub-type presentation can be customized per user, for example, based on historical information, known related sub-types, or on another user associated basis. In some embodiments, event sub-types (e.g., child events) are linked with Boolean OR operators by default. On the other hand, main event types (e.g., parent events) are linked with Boolean AND operators by default when selected. In some embodiments, default linkages associated with children event types and/or main event types are different and/or can be modified.

When a parent event type (or any event that includes event sub-types) is depicted (e.g., as the result of a search suggestion, in a list, etc.), event sub-types associated with the parent event type can also be presented. In one embodiment, associated event sub-types are presented next to the parent event type. In other embodiments, a “plus” sign, a drop-down icon, or another UI element can be utilized to indicate event sub-types are available and/or associated with a parent event type (i.e., a broader event category).

Once a user has selected at least one event type (whether a parent event type, a child event type, or a sub-category or sub-type, as previously described) configuration window 2002B can check to determine whether configuration is sufficient to transition (e.g., progress) to another (e.g., next) step. In the case where an entity has configured valid parameters to satisfy the events step, the next button 2012 may be activated (e.g., “lit up”) to allow the entity to transition.

In another embodiment, upon selection of one event type, parameter area2010 may be contextually modified. Contextual modification can includepresenting an interface allowing selection of additional events andcorresponding connectors to link events and/or to increase rulecomplexity.

For example, a user may have initially selected an “Accident” event typeand then selected an event sub-type of “Hit and Run.” Upon selection ofthe desired sub-type, the user may be presented with an interfaceelement asking whether the user would like to link to another event typeor event sub-type using an “AND” operator or “OR” operator.

The user may select either operator. Upon operator selection, the user can be returned back to search tool 2020 to identify another event type (or event sub-type) to add to the rule. Upon selection of the other event type (or event sub-type), the system can then combine the event types, the event type and the event sub-type, or the event sub-types according to the user selected operator. Thus, at least in one embodiment, a user is queried for an operator prior to selecting the other event type (or event sub-type).

In another embodiment, a user selects an event type (or event sub-type), and then upon selection of another event type (or event sub-type), is presented with the option to select/modify a default combination operator. As previously described, event sub-types within the same event type may default to be combined with an “OR” operator while different event types may default to be combined with an “AND” operator. Thus, a user may select two event types and then, based on whether the event types differ or are sub-event types of the same event type, be presented with the default operator based on that relationship. An option to change the default operator can also be selected.

In some embodiments, the user may simply be informed of the operation to be applied to the combination. However, in other embodiments, the user may be presented with an AND/OR modal allowing selection/modification of the relationship.

Panel 2000 may also be updated in real-time as configuration actions occur and/or are occurring. For example, events 2017 within panel 2000 may begin to populate with the categories selected in parameter area 2010 as event types and/or event sub-types are selected. Additionally, status icon 2019 may be changed to an affirmative or confirmed setting (e.g., check mark in check box) to indicate that configuration of “Step 2: Events” is appropriate (e.g., is satisfactory to return results and/or is a valid configuration).

In some embodiments, a status icon (e.g., status icon 2019) may be shown in one state to indicate the current configuration is valid and in another different state to indicate the current configuration has been saved, accepted, validated, approved, or some other indication.

In some embodiments, selected event types and event sub-types can be associated with a UI element allowing them to be removed from a rule. For example, each selected event type or event sub-type, once selected, may include an “X” or other icon indicating that the event type or event sub-type can be removed. A UI removal element can be presented in either or both of pane 2000 and parameter area 2010.

In other embodiments, once an event type or event sub-type has been selected, it may become clickable or hoverable (e.g., with a mouse or other input device). Clicking on or hovering over the event type or event sub-type can present additional detail about the event type or event sub-type. Additional detail can include related event types, a count of the number of those event types that have occurred over a designated time period, the number of other rules available to the user that include that event type, or other types of information. Accordingly, a user can click on or hover over an event type or event sub-type to learn more about the event type or event sub-type.

FIG. 20B also depicts completion indicator 2018 at 20%, indicating current progress within the rule creation process. In one embodiment, each of Rule Type, Events, Locations, Areas, and Notification can be equally weighted such that completion of each step results in an increase in progress of 20%. In FIG. 20B, the completion indicator 2018 is shown as “20%” because the “Rule Type” element was previously completed. As described, elements within pane 2000 may be updated in real time as the user reaches a valid configuration or once the current configuration has been accepted or otherwise stored. Other embodiments may weight configuration steps differently such that completion indicator 2018 presents other indications of progress such as total length, sub-steps, or other indications.

In some embodiments, certain elements can be updated in real-time (e.g., to show valid configurations) while other settings are updated based on advancing through the configuration process.

When a user has selected event types/event sub-types along with corresponding connecting operators, the user can advance to the next step by selecting next button 2012.

As depicted in FIG. 20C, UI can be transitioned to “Locations”. In one embodiment, “Locations” are static user selectable groups of locations selectable to identify events that happen nearby. Locations options can be any location data (e.g., Locations of Interest). New location data, like retirement homes and railroad crossings, can be added. Step identifier 2004 is updated to “Step 3: Location” to correspond to configuration element 2021 in pane 2000. Back button 2014 is presented within UI 2002C allowing a user to return to UI 2002B (i.e., which in this example is the prior step).

Similar to event types, locations may also be presented categorically and with sub-locations associated with those locations. In one example, a broad category may be for “retirement communities” with sub-categories being specific retirement homes. Schools, hospitals, religious buildings, etc., may also be presented both categorically and as sub-locations comprising specific locations within that category.

Similar to the previous description of “fuzzy” event search, search tool 2020 can be used for location searching and selection based on relationships between or among different locations. As one example, a user may initially search for and select “government buildings” as a location and be suggested to also select “parks/monuments” based on a relationship between these two locations. As described, a relationship may be based on past rules, past events, past user actions, or other forms of links or available associations.

Upon selection of a location, the parameter area 2010 may be updated to visually indicate for the user that a location has been selected. Additionally, pane 2000 may also be updated to show the user's selection and whether the current configuration element has reached a satisfactory configuration state.

After selecting a location, another UI component may allow a user to select a distance parameter associated with the location. For example, the user may be able to select a radius around a selected location (or for each of a collection of individual locations) where an event occurrence is to trigger a match.

In one example, a user selects a location (e.g., schools). Upon location selection, a “Set Radius Around Location” modal can be presented. The user can use the “Set Radius Around Location” to specify a radius, for example, 1000 feet. Matching events within the specified radius can trigger the rule. Events outside the radius (even if otherwise matching) do not trigger the rule. Practically, a specified radius represents a physical proximity measure of event relevance (to a selected location).

In some embodiments (including an example described with respect to FIG. 20G), radius selection is facilitated through a UI element that includes a map. Discrete locations of the location type may be presented on the map along with a UI element that facilitates radius selection. In some embodiments, the selected radius may be visualized as an expandable border or shading surrounding the location(s) at the selected radius.

However, there is no requirement that physical proximity be circular. A variety of different shapes (e.g., ovals, squares, rectangles, etc.) can also be used. In one embodiment, user interface tools allow a user to connect various lines to define a physical proximity of event relevance to a location. Contextual clues may also be injected into a map to aid a user in selecting an area around a location type.

In some embodiments, a radius or other area around one specific location within the selected location category may have a different size than the one surrounding another location within the same category. For example, major roads, borders, or other boundaries may be used to modify the radius or other area around one location for a given category while different boundaries may be used for a different location.

In one embodiment, a specified radius may be set as a default, such as 1000 ft. In other embodiments, the specific default radius can be defined per location type. For example, the default radius (or other area) may be greater for a hospital or power plant than for a fast food restaurant or a pharmacy.

In some embodiments, a radius (or other area) is selected after location category. After location category selection, a modal dialog is presented. The user selects a (or accepts a default) radius (or some other area) before returning to a main interface to select additional locations or transition to a different configuration step.

In other embodiments, known boundaries associated with the locations may be used (e.g., in lieu of a radius). The user can be presented an additional option to further refine the location by creating or altering the known boundaries.

After the user specifies the radius (or other area/boundaries), a new location definition button can be added above the select area 2010. The radius (or other area/boundaries) is included in the location definition button. If the user clicks on the location definition button, the “Set Radius Around Location” modal opens and the Location Select Area scrolls to show the event (behind the modal).

Upon successful selection/configuration of locations, the user can select the next button 2012 to continue.

As depicted in FIG. 20D, UI can be transitioned to “Areas”. FIGS. 20D, 20E, 20F, and 20G illustrate various UI elements facilitating user configuration of areas. As used herein, an area can be a state, county, city, or custom boundary (e.g., user defined). In general, a user notification can be generated when a rule is triggered within a defined area.

In one embodiment, selection of next button 2012 in UI 2002C causes a transition to UI 2002D in FIG. 20D. For example, step identifier 2004 is updated to “Step 4: Areas” to correspond to configuration element 2023 in pane 2000. Back button 2014 is presented within configuration window 2002D allowing a user to return to UI 2002C (i.e., which in this example is the prior step).

Within FIG. 20D, parameter area 2010 depicts area options 2024 applicable to the current event type (or types) and/or event sub-type (or sub-types), including defined areas 2022 and custom areas 2034. Selection of defined areas 2022 can transition UI to modal 2024 in FIG. 20E including “Add State, County, or Cities.” A user can use modal 2024 to select states, counties, cities, etc. A user's current State can be preselected in the state dropdown and the County tab is active, showing state counties.

In some embodiments, such as for entities that are interested in events across multiple states or the entire country, no state is preselected. A user's state related information can be derived from a user's profile or other information known about the user.

In one embodiment, an entire state can be selected by clicking on checkbox 2026 to monitor the entire selected state. In such embodiments, if the entire state checkbox 2026 is selected, the counties and cities UI can be disabled, removed, or shown at reduced opacity to indicate to the user that they cannot be individually selected (or deselected).

If the user does not select checkbox 2026, the user is able to select individual counties or cities using the county tab 2028 or cities tab 2030, respectively. Upon selection of one of the tabs, the user is presented with a selection list 2032 allowing them to select one or more counties or cities to configure the areas element. Search tool 2020 may allow for search suggestions. For example, search tool 2020 may provide suggestions for adjacent counties or cities to a currently selected area.

Search tool 2020 may also be configured to automatically determine which dataset to pull from based on whether a user is on the counties tab 2028 or cities tab. Using tabs 2028 and 2030, a user can select a combination of counties and cities. For example, a user may be interested in an entire county, but only a specific city in a different county (e.g., a city that borders the county, but is not in the county). In some embodiments, a user selects states, counties, or cities. For overlapping areas, the smaller area can be used for notifications when an event is triggered.

In some embodiments, the listing of selectable counties or cities may be modified for a user (e.g., limited) based on permissions associated with the user. For example, a user may be presented with a subset of counties within a state based on the user being part of an organization that services that subset of counties. The same may be true of cities or other predefined areas.

When areas selection is completed, a “Save” button can become active and allow the user to return to the prior interface (e.g., FIG. 20D), or advance to the next configuration element.

Subsequent to areas selection, a user may be presented with a defined area map 2036 (in FIG. 20F). Defined area map 2036 depicts the final selected area. For example, it may be that checkbox 2026 (monitor all of Utah) was selected in area options 2024. As such, defined area map 2036 shows the boundaries of the entire state (of Utah). If the user had instead selected one or more counties or cities (as previously described), defined area map 2036 could instead show the selected areas using suitable boundaries.

Modal 2024 of FIG. 20E and defined area map 2036 of FIG. 20F may also be combined with each other on the same UI. In such an embodiment, a user can select a location from county list 2032 (or a corresponding city list). The selected location can be depicted in defined area 2036 to aid the user in selecting areas and/or locations of interest.

In another embodiment, the user may instead interact with a defined area map by selecting areas on an interactive map. As areas are selected, their formal location identifications may then be shown or highlighted in a different area such as modal 2024.

Referring back to FIG. 20D, a user can alternatively select the “Custom Areas” element 2034. As a result of selecting element 2034, map 2038 can be presented to a user (in FIG. 20G). Map 2038 can include interactive drawing/selection tools.

For example, FIG. 20G includes drawing tool bar 2040. Drawing tool bar 2040 further includes drawing tools 2044 (e.g., radius tool 2044 a, box tool 2044 b, way-point tool 2044 c, and line tool 2044 d, etc.) allowing freeform selection of particular areas of interest. Tool bar 2040 also includes region naming field 2042 and save button 2046. Radius tool 2044 a is shown that allows a user to center the selection on a particular location and then extend detection using a fixed radius from that central position. The user may be able to do this using a gesture or through the use of a drop down, such as the radius selector 2048. In some embodiments, both types of operations are available.

Using one or more of radius tool 2044 a, box tool 2044 b, way-point tool 2044 c, and/or a line tool 2044 d, a user can select specific points that are connected to form a boundary that encloses a region of interest. In some embodiments, a user is able to select multiple different contained regions such as regions that surround distinct cities. In some embodiments, the created regions overlap.

The user can name a selected region using region name field 2042 and then save the region using save button 2046. In some embodiments, the user can create multiple regions by naming and saving each region individually. In other embodiments, the user can name and save a multi-region mapping under a single name.

In one embodiment, as a user defines custom regions, the system determines specific areas included in the defined custom regions. If a user changes the size of a custom region, specific locations within the custom region can also change. For example, it may be that a user selects radius tool 2044 a and centers a circle on Salt Lake City. Subsequently, if the user increases the radius of the circle, additional cities within that radius are listed to help the user understand what areas are within the custom region (radius).

Square tool 2044 b allows a user to create a custom region with 4 sides. In one embodiment, a user can click and drag square tool 2044 b to generate a square boundary around a desired location. Square tool 2044 b can also be configured to allow each of the vertices of the square to include a handle that allows the user to modify the shape of the boundary from a square into a four-sided polygon with sides of varying length. Similarly, each side of the region created using square tool 2044 b may also be selectable such that one side can be moved independently of the other sides while maintaining a contiguous boundary.

Square tool 2044 b may also be capable of having only three sides or more than four sides. Thus, in some embodiments, square tool 2044 b may be a polygon tool that allows enclosed boundaries with various numbers of configurable sides to be created.

Waypoint tool 2044 c may allow a user to generate very detailed boundary paths that would be difficult to create using the radius, circle, square, or polygon tools previously described. Using waypoint tool 2044 c, a user can click anywhere on the map area to create a new waypoint. A boundary can be generated that connects the new waypoint to a previously created waypoint. As a user creates additional waypoints, an area or region boundary is created that encompasses a portion of map 2038. To complete a contiguous boundary, the user may select the original (e.g., first) waypoint causing a boundary line to be completed between the first waypoint and the final waypoint. In other embodiments, a boundary between the last-created waypoint and the first-created waypoint is maintained even while the user adds additional waypoints between.

Line tool 2044 d may also be present and allow a user to quickly generate polygons that define desired areas or regions.

Any or all of drawing tools 2044 may be operable by a user with an interface device like a mouse or other pointer (e.g., a finger on a touch screen). Additionally, the tools may also be capable of receiving data inputs for use in defining a boundary. For example, latitude/longitude data may be imported or otherwise provided by the user and used to set the waypoints for waypoints tool 2044 c that define an area or boundary map.

In another embodiment, the system may facilitate creating regions with dynamic edges. For example, if a user defines a custom region with the radius tool, the system may suggest to the user that if they expand or contract the radius slightly, a city/area/county/etc., may be added or removed. In a similar embodiment, the system may suggest to a user: natural boundaries, common boundaries, historical boundaries, service area boundaries, or other known information to aid in defining custom regions having increased relevance and/or appropriateness for the user.

In one embodiment, after the custom region has been created, the user can name the region. Based on the region, the area name can then be presented with a visualization of the quantity of sub-areas that are within that custom region. For example, the number of cities, counties, states, etc., may be listed alongside the name of the custom region.

In one embodiment, after the user successfully defines a custom region (e.g., a region that has a contiguous border with a coverage of sufficient area), the UI may enable or present a save button 2046 to allow the user to save the custom region.

In another embodiment, once a custom region has been successfully defined, the user is able to define additional custom regions within the same view such that multiple custom regions are defined. Once a region has been defined, the region, represented by the region name given by the user, is presented in a list. In one embodiment, a listing of defined custom regions includes a UI control that allows the user to remove the defined region from the custom area configuration.

In one embodiment, while the user is defining a new custom region, other existing custom defined regions are visually deemphasized (e.g., their opacity is reduced) such that definition of the new customized region is emphasized.

If the user has defined a customized area and clicks on the “Next” button before clicking on the “Save” button, the area can be saved automatically, and the user can be moved to the next step.

Thus, when a user completes area selection/definition (of one area or of multiple areas), the user can save the selected/defined areas and select the next button to move to the next configuration step.

In one embodiment, selection of next button 2012 in UI 2002D causes a transition to UI 2002H in FIG. 20H. For example, step identifier 2004 is updated to “Step 5: Notifications” to correspond to configuration element 2025 in pane 2000. Back button 2014 is presented within configuration window 2002H allowing a user to return to UI 2002D (i.e., which in this example is the prior step).

Turning to FIG. 20H, a user can define how and when they are to receive notifications. Users can receive notifications, for example, in an “app”, via SMS, or via email. Each notification method can be a checkbox, for example, including in app checkbox 2050, SMS checkbox 2052, or email checkbox 2054.

The user can select as many notification methods as they prefer (e.g., In App and SMS). In one embodiment, the app checkbox 2050 is checked by default while SMS checkbox 2052 and email checkbox 2054 are unchecked by default. However, other default checkbox selections/deselections are possible.

Depending on the notification method, additional information may be configurable and/or requested (or even required) from the user. For example, if SMS checkbox 2052 is selected, SMS number field 2056 can be populated to designate the SMS number where notifications are to be sent. Similarly, if email checkbox 2054 is checked, email address field 2058 can be populated to designate an email address where notifications are to be sent.

In some embodiments, the SMS and email fields may be auto populated by the system based on user account/profile information. For example, the user may include an SMS and/or email address in their user profile, one or more of which is automatically inserted into either or both of these fields. In some embodiments, the user is able to edit the default addresses, while in other embodiments access control rules force predefined (e.g., possibly read only) values in these fields. For example, a user may be configuring notification preferences for a team or organization such that notifications should be sent to a team account rather than the individual account. In such cases, the team accounts may be pre-populated into the fields (and the fields designated read only).

In some embodiments, multiple accounts can be designated for each notification method. For example, each notification may be sent to multiple email addresses. In some embodiments, this is accomplished by adding a new email address field 2058 for each additional email address that is to receive the notification. In other configurations, the user may be able to designate multiple addresses within the single email address field 2058 by using a delimiter character such as a comma or semicolon.

In some embodiments, accounts or addresses added to notification fields are checked against access control rules to determine whether the account is authorized to receive notifications. The access control rules may also be linked to specific event types, locations, and/or areas such that a given account may be authorized to receive some sorts of notifications but not others. In the case that a user inputs an address into a notification field that is determined to be invalid and/or unauthorized to receive a notification based on the current rule parameters, the user is notified of the incompatible configuration.

In some embodiments, notification method input fields may include drop-down or selection menus populated with eligible/authorized accounts. In some embodiments, if a user adds an SMS or an email address, those values are added to the user account for access on later rules.
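The recipient check described above can be sketched as follows. This is an added example, not code from the patent: the `Grant` and `RuleScope` types, the default-deny policy for unknown addresses, the address formats, and all sample addresses are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Assumed syntactic checks: a loose email shape and an E.164-style SMS number.
EMAIL_RE = re.compile(r"^[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+$")
SMS_RE = re.compile(r"^\+[1-9]\d{6,14}$")


@dataclass(frozen=True)
class RuleScope:
    """The parts of a rule that access control rules can be linked to."""
    event_types: FrozenSet[str]
    locations: FrozenSet[str]
    areas: FrozenSet[str]


@dataclass(frozen=True)
class Grant:
    """What one account may be notified about; None means unrestricted."""
    event_types: Optional[FrozenSet[str]] = None
    locations: Optional[FrozenSet[str]] = None
    areas: Optional[FrozenSet[str]] = None

    def covers(self, rule: RuleScope) -> bool:
        # Every dimension of the rule must fall inside the grant, because
        # the rule may fire for any event type, location or area it names.
        pairs = (
            (self.event_types, rule.event_types),
            (self.locations, rule.locations),
            (self.areas, rule.areas),
        )
        return all(allowed is None or wanted <= allowed
                   for allowed, wanted in pairs)


def split_recipients(field_value: str):
    """Split a single field on comma or semicolon and normalise case."""
    return [p.strip().lower() for p in re.split(r"[;,]", field_value)
            if p.strip()]


def check_recipients(field_value: str, rule: RuleScope, acl: dict) -> dict:
    """Map each address to 'authorized', 'unauthorized' or 'invalid'."""
    results = {}
    for addr in split_recipients(field_value):
        if not (EMAIL_RE.match(addr) or SMS_RE.match(addr)):
            results[addr] = "invalid"
        elif any(grant.covers(rule) for grant in acl.get(addr, ())):
            results[addr] = "authorized"
        else:
            # Default deny: no grant, or no grant wide enough for this rule.
            results[addr] = "unauthorized"
    return results


def incompatible(field_value: str, rule: RuleScope, acl: dict):
    """Addresses the user must be told about before the rule is saved."""
    return [addr for addr, status
            in check_recipients(field_value, rule, acl).items()
            if status != "authorized"]


# Constructed sample data (not from the patent).
ACL = {
    "dispatch@example.org": [Grant()],
    "schools-team@example.org": [Grant(locations=frozenset({"schools"}))],
    "+18015550100": [Grant(areas=frozenset({"Utah"}))],
}
RULE = RuleScope(
    event_types=frozenset({"Fire"}),
    locations=frozenset({"schools", "hospitals"}),
    areas=frozenset({"Utah"}),
)
FIELD = ("Dispatch@example.org; schools-team@example.org, "
         "not-an-address, outsider@example.net")

if __name__ == "__main__":
    for address, status in check_recipients(FIELD, RULE, ACL).items():
        print(f"{address}: {status}")
```

The check is run against the rule as currently configured, so an address that was acceptable for a schools-only rule becomes unauthorized as soon as hospitals are added to the rule.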

In addition to configuring notification methods, the user also configures time preferences 2060. Time Preferences allow the user to receive notifications at specified times. In one option, the user can select always on radio button 2062. When radio button 2062 is selected, the user desires to receive notifications any time a corresponding rule is matched. In one embodiment, always on notifications are the default.

In another option, the user may select custom schedule radio button 2064. Custom scheduling allows the user to receive notifications during specified days and times. Once custom schedule radio button 2064 is selected, day and time fields 2066 become active and configurable. In one embodiment, a select all link is presented that allows every day to be activated in one click. The user can then modify the times for each day separately according to their preference.

If a day is selected, the start time and end time fields are enabled. If a day is unchecked, the start time and end time fields are disabled.

If multiple days are selected, start and end time fields can be auto-filled with the user's initial start or end time entry (e.g., if the user adds 10:00 am into the Monday Start time field, then the start time for Tuesday, Wednesday, and Thursday are auto-filled to 10:00 am). If the user updates the start or end time fields, the new value does not auto-fill the other start and end times.

In some embodiments, the system is able to make recommendations for dates and times based on known or predicted characteristics from the other configuration steps. For example, if the locations element is set to detect events that occur at schools, a custom notification preference may be suggested for receiving notifications during known school hours Monday through Friday.

In another example, if the event selected is for excess heat, notifications may be suggested for times known to be the hottest portion of the day.

As with the previously described configuration steps, once the user has configured the notifications element in a sufficient manner, the user is able to transition to other configuration elements. In the depicted embodiments, notification is the final configuration step. As such, selecting next or save at the notifications step can complete rule configuration (e.g., when the user proceeded step-wise through the configuration process, as described). However, other configuration step orderings are possible and contemplated.

To ensure a user understands a created rule, the user can be presented with a UI, such as the confirmation modal 2068 depicted in FIG. 20I, confirming rule creation. Confirmation modal 2068 includes Rule Name field 2070 permitting the user to enter a rule name. The user can then select Create Rule button 2072 confirming rule creation.

In some embodiments, rule name 2070 is suggested by the system based on information within the rule. For example, a rule name may be suggested that follows a format such as “Events+Location+Areas+Notification Type.” In one example, the rule name is “Fire—Schools & Hospitals—Utah—Custom.” In other embodiments, the elements within the suggestion may be altered or presented differently. The user can also input a custom rule name.

In one embodiment, the rule name is less than 80 characters.

If the user reaches confirmation modal 2068 but decides they would like to further configure the rule, the user can select cancel 2074 to return to the rule configuration workflow.

As has been described with FIGS. 20A through 20I, a rule creation workflow or wizard may be utilized to allow a user to generate a rule through stepwise guidance and validation.

Turning now to FIG. 21, a user can also access a UI 2100 for viewing and/or managing created rules. Within UI 2100, the user can view a rules list 2102 showing rules available to the user. In some embodiments, only rules created by the user are shown. In other embodiments, any rule that is linked to the user or over which the user has control (e.g., by being part of a team or group) can be shown.

For example, a user may be in a management capacity allowing UI 2100 to show rules created by users over which the user has authority. In another embodiment, a user may be linked to a particular set of SMS or email addresses such that any rule that is configured to notify the address can appear in list 2102. In this way, the user can identify rules they have access to or can expect to receive notifications about.

Associated with each rule are options 2104 that include, for each rule, at least an edit option and delete option. The edit option allows the user to re-enter the rule creation workflow and modify a rule. Similarly, the delete option allows the user to delete a rule. In one embodiment, the user receives a modal or non-modal confirmation that a rule has been deleted and/or modified. In some embodiments, the notification may include an undo option to roll-back a rule change or a rule deletion.

In some embodiments, the function of the rule options 2104 may be dictated by the user's role or other permissions. For example, a user may have authorization to edit a rule but not delete a rule. In another embodiment, the user may have the ability to delete themselves from the rule (e.g., remove their account from the notification configuration) but not otherwise alter the rule for others.

In some embodiments, UI 2100 includes additional options allowing the user to organize the rules according to their preference or other preconfigured option (e.g., creation date, last trigger date, location, notification recipient, etc.). In some embodiments, a user may be able to see the rules they are associated with (e.g., are to receive notifications from), but cannot edit or delete the rules (e.g., have read only access).

In some embodiments, users may also have the option to share their rules with other users or groups. For example, rule options 2104 may additionally include a “share” option that when selected allows a user to identify another user, group, or team to share the rule with. In some embodiments, sharing functions provide a permission to another user or group to see triggered events from the rule. In other embodiments, sharing can be facilitated by providing the underlying programmatic formula describing the rule to another entity. The other entity can then use the formula to create their own rule (or as the basis for a new rule with additional configuration).

UI 2100 may also include a system message area 2106. In one embodiment, system message area 2106 includes an indication of the number of available remaining rules the user is authorized to configure. In other embodiments, system message area 2106 may be configured to display information such as the identity of the last triggered rule, the most recently created rule, or other information.

UI 2100 may also include user tools 2108 that enable the user to make global changes such as configuring user preferences, contact information, or the like.

FIG. 22 illustrates an example of receiving a triggered notification 2202 at mobile device 2200 (e.g., a mobile phone). Mobile device 2200 can be configured to receive an SMS message (e.g., by selecting checkbox 2052 and entering the appropriate number in field 2056 of FIG. 20H).

Using a rule creation workflow similar to that described in FIGS. 20A through 20I, a rule can be created wherein the events “hit and run” and “EMS response” are linked with an “OR” operator such that the detecting of either event in proximity to a “hospital” or “school” within “Utah” would satisfy the event rule.

In such an example, a more recent notification 2202 includes an indication of an event type 2204 “Hit and Run” and an event type 2206 “EMS Response.” Notification 2202 includes these two event types within the same notification but as separate instances. Presenting separate instances in the same notification can be due to use of an “OR” operator in the rule that generated notification 2202.

In an embodiment where an “AND” operator is used to combine the event types, the notification is generated as a combined notification such that the event types are combined in the manner of “Hit and Run AND EMS Response occurred.”

Notification 2202 also includes an indication 2208 of the rule that generated the notification(s). As previously described, the pair of depicted notifications were triggered from a rule that included “Hit and Run OR EMS Response.”

For each event notification, a link may be provided. For example, link 2210 is depicted along with rule notification 2204. The link provides access to additional information about the message. For instance, the link may take the user to the rule that caused the trigger or may take the user to a stream of raw data that was used to determine the event that caused the trigger.

Each triggered event may include a different link to different underlying information about that particular message even if the same underlying rule triggered both messages (e.g., if the rule includes an OR operator, different types of underlying data may be associated with the different elements connected by the OR).

In some embodiments, the link provides access to an app that allows the user a full range of options relating to the event(s) that resulted in the trigger and notification. For example, the link may direct the user to the underlying information or data corresponding to the event. Additional tools or information may also be presented that can allow the user to perform actions such as dispatching resources, triage, communicating with people or resources also linked to the event, or the like.

A user may be able to see prior notifications such as prior notification 2212. As depicted, notification 2212 may include only an indication that the “EMS Response” portion of the shooting OR robbery rule was triggered. In one embodiment, a single stream of triggered events can be aggregated for the user in one location (e.g., an SMS thread). Notifications may be grouped by triggered rule by having all notifications for a particular rule sent from a specific SMS origination address. Similarly, notifications can be grouped in other ways by sending notifications within a group with an associated origination address. In this way, when a notification is received through known SMS systems, notifications can be grouped according to their trigger.

In other embodiments, triggered events may appear in the same stream regardless of their triggering rule. In this way, a user need only review one notification stream in order to see relevant notifications. The described functionality (e.g., how notifications are grouped at the user device) can be configurable depending on user or organizational preferences.

The user may have also received a notification at mobile device 2200 through the App as a push notification and as an email to an email application. Push notifications are understood to be any sort of notification received through an app and also presented outside of the app at a device, such as on a home screen or lock screen. Push notifications can be configured to have some or all of the notification information and/or configured to provide links to external data or to locations within their corresponding app for the user to receive additional information about the notification or triggering rule.

In some embodiments, the information provided through an SMS or a shortcode may be too long to work well or even be compatible with the receiving system. Accordingly, “shortcodes” can be used to transmit certain information such as a URL that directs the user to additional information.

In one embodiment, a user may also be able to “unsubscribe” from certain types of notifications through a direct response to the notification. For example, the user may unsubscribe from SMS based notifications by replying to a notification with a keyword, such as “stop.”

Subscription to notifications can be authorized during rule setup (e.g., when an address is used in a saved rule). For example, it may be that a telephone number is included to receive SMS messages, prior to sending any event notifications. A confirmation of the alerts may be provided to the recipient telephone number to confirm that the telephone number is correct and that event notifications are authorized to be received at the telephone number. A similar process may be used with email addresses or other notification addresses.

Unsubscribing from notifications may be configurable at the event level (e.g., request to stop notifications for a current event), at the rule level (e.g., request to stop notifications for the current rule), or at a global level (e.g., request to stop all notifications). Depending on the user, subscription/unsubscription may be configurable based on user role, device owner, or another criterion. For example, a user may not be able to unsubscribe from notifications sent to an employer provided device but may be able to unsubscribe from notifications received at a personal device.

Such functionality may result in the underlying rule being modified such as by unchecking the SMS option within the notifications configuration parameter, as previously discussed. In other embodiments, a separate authorization list may be kept such that rule notification is checked against the additional list to determine whether to transmit the notification to the particular number.

A user may be able to further configure specific alerts to stop (e.g., future notifications originating from certain rules) or may be able to stop all notifications.

Notifications can also be received by email. In one embodiment, emails are sent via plain text to ensure deliverability and cross compatibility across devices. An email may follow a template that includes a subject line indicating that a rule has been triggered. The body may include an identification of the rule that was triggered along with some level of event detail and a link to view additional detail. The email may also include the rule that originated the notification along with a link to allow the user to stop notifications.

As previously described, the stop notifications options may be configurable to apply to only one particular rule, a set of rules, a category of rules, all notifications, etc.

If a user opts to stop notifications, another entity may be notified of that action. For example, if a firefighter unsubscribes from notifications, the Captain of the firehouse may be notified to ensure that request is appropriate or to ensure that somebody else is receiving the notifications for those alerts.
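The subscription confirmation, the scoped “stop” replies, and the separate authorization list described above can be sketched as follows. This is an added illustration, not code from the disclosure: the class and field names, the “YES” confirmation keyword, the “stop event” / “stop all” scope syntax, and the sample telephone numbers are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Address:
    number: str
    employer_owned: bool = False        # employer-provided device: opt-out is not honoured
    supervisor: Optional[str] = None    # entity told about accepted opt-outs (hypothetical field)
    confirmed: bool = False             # set only after the recipient confirms
    stopped_all: bool = False
    stopped_rules: set = field(default_factory=set)
    stopped_events: set = field(default_factory=set)


class AuthorizationList:
    """Kept separately from the rules; consulted before every transmission."""

    def __init__(self):
        self.addresses = {}
        self.outbox = []                # (recipient, text) pairs actually transmitted

    def register(self, number, employer_owned=False, supervisor=None):
        # Rule setup: the address is recorded but stays unconfirmed until the owner replies.
        self.addresses[number] = Address(number, employer_owned, supervisor)
        self.outbox.append((number, "Reply YES to receive event notifications"))

    def may_send(self, number, rule_id, event_id):
        a = self.addresses.get(number)
        return bool(a and a.confirmed and not a.stopped_all
                    and rule_id not in a.stopped_rules
                    and event_id not in a.stopped_events)

    def notify(self, number, rule_id, event_id, text):
        if not self.may_send(number, rule_id, event_id):
            return False
        self.outbox.append((number, text))
        return True

    def handle_reply(self, number, text, rule_id=None, event_id=None):
        """rule_id and event_id identify the notification being replied to."""
        a = self.addresses.get(number)
        words = text.strip().lower().split()
        if a is None or not words:
            return "ignored"
        if words[0] == "yes":
            a.confirmed = True
            return "confirmed"
        if words[0] != "stop":
            return "ignored"
        if a.employer_owned:
            return "refused"            # policy: cannot unsubscribe an employer device
        scope = words[1] if len(words) > 1 and words[1] in ("event", "all") else "rule"
        if scope == "all":
            a.stopped_all = True
        elif scope == "event":
            a.stopped_events.add(event_id)
        else:
            a.stopped_rules.add(rule_id)
        if a.supervisor:                # tell the other entity that coverage changed
            self.outbox.append((a.supervisor, f"{number} stopped notifications ({scope})"))
        return "stopped-" + scope
```

Because `may_send` is evaluated at transmission time, an opt-out takes effect without editing the stored rule, which matches the separate-list embodiment rather than the one that unchecks the SMS option.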

Users can also be notified of actions with in-app notification. In one embodiment, notifications can be displayed in a notification bar. The notifications can remain for a specified amount of time, for example 72 hours; however, the time is configurable and updatable. In some embodiments, the app can force the event to be available for the user for a specified amount of time regardless of whether the user has viewed or dismissed the notification.

If the user clicks on a notification, a map also presented on the app interface can zoom in and center on the event(s). If there are multiple notifications, the user can toggle through them by clicking on navigation controls. If the user clicks next on the last notification, the first notification can show. A “dismiss” control may be provided for some or all notifications that allows a user to remove the corresponding notification from view. Similarly, a “Dismiss All” option may be configured to remove all notifications.

In some embodiments, viewing a notification (e.g., in app or through a verifiable push notification interaction) automatically clears the in-app notification.

While app notifications, SMS notifications, and email notifications are described herein, other notification platforms are contemplated such as MMS, emergency pagers, AVL devices, or any other device or protocol suitable for receiving notifications.

Turning to FIG. 23, certain types of events may require additional types of configuration parameters. For example, weather related events have certain types of conditions that can be configurable. These additional configurations can be helpful when isolating a particular degree or type of impact of a weather event for notification.

Weather events may be stand-alone events (e.g., notify me when the temperature is greater than 100 degrees), or may serve as complementary conditions to other events (e.g., notify me of power outages only when it is greater than 100 degrees).

As depicted, weather event parameters 2300 are presented in the case of a user selecting “weather” while configuring the events configuration element previously described. The event category may include a singular button that allows a weather event to be added. In other embodiments, the system may identify a selected weather-related event and present parameters 2300 to help the user further define the events portion of the rule.

Parameters 2300 may include a weather condition dropdown 2302 that includes options such as rain, temperature, flood, hail, or other weather events. Based on the selection, additional parameters may automatically be added within parameters 2300.

Some additional weather-related events can also be chosen separately from the weather condition dropdown 2302. For example, lightning selector 2312 may be selected by a user either independently from other weather events or in conjunction with another weather event chosen in dropdown 2302. In some aspects, the weather activity (e.g., lightning) may be replaced with a different weather event (e.g., tornado) or additional selectable options may be included.

Using sub-parameters 2304 through 2310, the user may configure the weather parameters they are interested in, such as temperatures above/below a selected level, humidity above or below a selected percentage, windspeed above a certain level, and/or windspeed heading.

Such elements can be created in the previously described manner with relation to combining rules with logical AND/OR operators. In some embodiments, a separate weather event is created for each individual weather event type (e.g., windspeed is created separately from temperature). However, if multiple conditions are selected within a signal configuration, those can be treated as conjunctive rules (e.g., temp about 100 AND humidity above 60%).

Once the weather event has been created, the weather event can be saved and thereby added to a current rule as previously described.

At least two weather event concepts are supported. In one example, a user can configure a “weather only rule” in which satisfaction of the rule and corresponding notification can occur based solely on the presence of the weather event. Weather AND/OR (or not) rules are also contemplated in which a weather event/condition is combined with a different type of event (e.g., non-weather-related event) using an AND/OR clause.

Weather condition data streams may be received through weather station reports or other sources within the defined area configured in the rule. The system may then identify weather events from those data streams. The system creates a user generated weather event and places an event pin on top of the weather station.

For weather AND rules, no new event is created. For example, if a power outage occurs while the temperature is above 100 F, the rule is triggered and the power outage event is flagged. No weather event is created. The weather can be viewed on the intel screen (e.g., as provided by a link or shortcode within the notification, as previously described).

Configuration of weather events—such as described in conjunction with FIG. 23—may also be more fully integrated into the flows or processes depicted and described in conjunction with FIGS. 20A through 20I. For example, during configuration of any suitable non-weather event (e.g., a power outage), an additional configuration parameter may be presented to allow the event to include values for weather-related parameters.

In one example, a user may select a power-outage event during event selection (e.g., as depicted in FIG. 20B). Upon selecting the event, a modal dialog similar to that of FIG. 23 may be presented indicating to the user that particular event type may be additionally configured with weather-related configuration parameters. For example, a power-outage event may be coupled with a high-temperature event.

In such instances, UI pane 2000 may include an additional identifier showing that the event (e.g., power outage) is further configured with weather parameters. The additional weather parameter(s) can be shown as an additional discrete event in the events listing.

FIG. 24 presents an alternative UI 2400 that may be implemented to help a user build rule logic. When a user selects a second event or each additional event, the “Configure Connected Events” modal can appear. UI 2400 may be presented to a user at any suitable point in rule building when two parameters are combined in an AND logical relationship and/or an OR logical relationship. UI 2400 includes OR operator 2402 and AND operator 2404. As previously described, the use of OR operator 2402 effectively generates separate rule processing logic for each of the elements combined with OR (disjunctive). For example, a rule that is the same for location, areas, and notification can operate the same for either of two event types combined with the OR logical connector.

AND operator 2404 can be associated with additional configuration options. For example, AND operator 2404 can be associated with physical distance parameter 2406 and timeframe distance 2408.

Physical distance parameter 2406 facilitates selection of a physical distance. A selected physical distance defines that two events linked with an AND also occur within a specific distance of each other. For example, it may be that the events “Shooting” and “Robbery” are to be within a physical distance of 1000 ft. Thus, a shooting and robbery detected within 1000 ft of each other can satisfy the AND (and thus can trigger a notification). On the other hand, a shooting and robbery detected more than 1000 ft away from each other do not satisfy the AND (and thus do not trigger a notification).

Similarly, timeframe parameter 2408 facilitates selection of a timeframe. A selected timeframe defines that two events linked with an AND also occur within a specified time of each other. For example, it may be that the events “Shooting” and “Robbery” are to occur within 10 minutes of one another. Thus, a shooting and robbery detected within 10 minutes of each other can satisfy the AND (and thus can trigger a notification). On the other hand, a shooting and robbery occurring more than 10 minutes apart do not satisfy the AND (and thus do not trigger a notification).

As previously mentioned, UI 2400 can be (e.g., automatically) presented anytime a logic statement is used. For example, if a user selects a second location, UI 2400 can be presented to allow the user to select the logical operator to use to combine the two locations. Additionally, a user may invoke UI 2400 by, for example, clicking on an existing indication of a logical relationship in order to edit or further configure (refine) that relationship. For example, a user may select the AND element 1814 or the OR element 1816 described in conjunction with FIG. 18. In response, UI 2400 can be presented.

The AND/OR operators can be used to combine multiple configuration parameters. For example, OR operators can be used within the event parameter, the location parameter, and the areas parameter. Because of this, many possible variants of notifications are possible depending on which elements are present.

In some embodiments, a user may also be able to configure a rule (or even portions of a rule) using rule formulas. For example, a workflow or wizard can be used during creation of a rule through a formalized rule workflow. In this way, (e.g., more experienced) users can more efficiently formulate new rules, or edit existing rules, without use of the wizard. Similarly, once a rule is created, it can be shared in formula form with other entities.

Formulaic rule examples:

(Disabled Vehicle AND Ambulance Requested) within 1 hour and 1 mile OR (Officer-Related Emergency AND Stakeout)

(((Request For Registration AND Disabled Vehicle) within 1 hour and 1 mile AND Ambulance Request) within 1 hour and 1 mile AND Officer-Related Emergency) within 1 hour and 1 mile

((Convoy Or Escort AND Disabled Vehicle) within 1 hour and 5 mile AND Ambulance Request) within 1 hour and 10 miles OR Bomb Threat

As shown above, a user can create more complex rules using express formulas and syntax. A user may utilize the previously described wizard to begin rule creation and finish or edit rules within a formula editor (not shown). As such, embodiments of the invention include a robust set of interoperating modules that facilitate creation and modification of rules having varied complexity. Events can be linked using essentially unlimited AND/OR logic.
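The formula syntax shown above, together with the physical distance and timeframe constraints on AND described for UI 2400, can be made concrete with a small parser and evaluator. This is an added illustration, not the disclosed formula editor: the grammar (AND binding tighter than OR, “within” attaching to a parenthesized group, time given before distance), the reading of “within” as a pairwise limit over every event in the matched group, and the sample events are assumptions.

```python
import math
import re
from dataclasses import dataclass
from itertools import product

SECONDS = {"minute": 60, "minutes": 60, "hour": 3600, "hours": 3600}
FEET = {"ft": 1, "feet": 1, "mile": 5280, "miles": 5280}
TOKEN = re.compile(r"\(|\)|within\s+(\d+)\s+(\w+)\s+and\s+(\d+)\s+(\w+)|[^\s()]+")

@dataclass(frozen=True)
class Event:                  # constructed stand-in for a detected event
    kind: str
    ts: float                 # seconds
    lat: float
    lon: float

def tokenize(formula):
    tokens, name = [], []
    def flush():              # consecutive plain words form one event name
        if name:
            tokens.append(("NAME", " ".join(name)))
            name.clear()
    for m in TOKEN.finditer(formula):
        word = m.group(0)
        if m.group(1):        # "within <n> <time unit> and <n> <distance unit>"
            flush()
            tokens.append(("WITHIN", (int(m.group(1)) * SECONDS[m.group(2)],
                                      int(m.group(3)) * FEET[m.group(4)])))
        elif word in ("(", ")", "AND", "OR"):   # operators are upper-case only
            flush()
            tokens.append((word, None))
        else:
            name.append(word)
    flush()
    return tokens

def parse(formula):
    tokens, pos = tokenize(formula), 0
    def peek():
        return tokens[pos][0] if pos < len(tokens) else None
    def take(kind):
        nonlocal pos
        if peek() != kind:
            raise ValueError(f"expected {kind} at token {pos}")
        pos += 1
        return tokens[pos - 1][1]
    def expr():               # expr := term (OR term)*
        node = term()
        while peek() == "OR":
            take("OR")
            node = ("OR", node, term())
        return node
    def term():               # term := factor (AND factor)*
        node = factor()
        while peek() == "AND":
            take("AND")
            node = ("AND", node, factor())
        return node
    def factor():             # factor := NAME | "(" expr ")" [WITHIN]
        if peek() != "(":
            return ("EVENT", take("NAME"))
        take("(")
        node = expr()
        take(")")
        return ("WITHIN", node, take("WITHIN")) if peek() == "WITHIN" else node
    tree = expr()
    if pos != len(tokens):
        raise ValueError(f"unexpected token at {pos}")
    return tree

def distance_ft(a, b):        # haversine, mean Earth radius expressed in feet
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(b.lon - a.lon) / 2) ** 2)
    return 2 * 20_902_231 * math.asin(math.sqrt(h))

def matches(node, events):
    """Return the set of event groups (frozensets) that satisfy the node."""
    if node[0] == "EVENT":
        return {frozenset([e]) for e in events if e.kind == node[1]}
    if node[0] == "OR":       # disjunction: either side triggers on its own
        return matches(node[1], events) | matches(node[2], events)
    if node[0] == "AND":      # conjunction: one group from each side, merged
        return {l | r for l, r in product(matches(node[1], events), matches(node[2], events))}
    max_s, max_ft = node[2]   # WITHIN: keep groups whose members are pairwise close
    return {g for g in matches(node[1], events)
            if all(abs(a.ts - b.ts) <= max_s and distance_ft(a, b) <= max_ft
                   for a in g for b in g)}

RULE = ("(Disabled Vehicle AND Ambulance Requested) within 1 hour and 1 mile "
        "OR (Officer-Related Emergency AND Stakeout)")
EVENTS = [                    # constructed sample data
    Event("Disabled Vehicle", 0, 40.7608, -111.8910),
    Event("Ambulance Requested", 1200, 40.7658, -111.8910),  # about 1800 ft away
    Event("Ambulance Requested", 1200, 40.8608, -111.8910),  # about 7 miles away
    Event("Ambulance Requested", 9000, 40.7608, -111.8910),  # 2.5 hours later
    Event("Stakeout", 0, 40.7608, -111.8910),                # no matching emergency
]
```

Calling `matches(parse(RULE), EVENTS)` returns a single group containing the disabled vehicle and the nearby, timely ambulance request; the distant and late requests fail the “within” filter, and the lone stakeout cannot satisfy its AND.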

FIG. 25 illustrates a UI 2500 that presents users with a visualization of current events based on the rules they have configured or are applicable to them. UI 2500 includes a map portion 2502 onto which triggered rules/events can be shown. Map portion 2502 may be set by a user (e.g., through navigation gestures) or dynamically by broadening/contracting in order to show triggered events. In other scenarios, map portion 2502 may be based on a user's authorization level, role, or other characteristic of the user.

Information panel 2504 is also included. Panel 2504 depicts a different view of current events as well as additional information about events depicted in map portion 2502. As depicted, panel 2504 shows an expanded event labeled “power outage” along with additional information about the “power outage” event. Additional events are also shown below that event but are visually diminished (e.g., grayed out) because they are not currently in focus.

The listing of events may be automatically arranged in panel 2504 according to one or more criteria such as timestamp, severity, truthfulness, status, event type, location, or other characteristic(s).

Map portion 2502 and panel 2504 can be interconnected such that an action or interaction on one affects or automatically updates the other. For example, selecting the “power outage” event from panel 2504 may cause elements on map portion 2502 to be highlighted or emphasized in some manner (e.g., to help a user understand the types of elements that are being affected by the event).

Within UI 2500, selecting the power outage event identifies three impacted assets 2506, 2508, and 2510 to be highlighted. In this scenario, those three locations are retirement communities that are within the power outage area. In one example, the power outage event can be triggered by a rule created in the previously described rule creation engine. For example, a rule could be created that triggers an event notification anytime there is a power outage that affects a retirement community. Because this power outage affects the three retirement communities 2506, 2508, and 2510, the event was triggered and presented to the user.

The user can take additional action to learn more about the impacted assets. For example, the user may select element 2506 from panel 2504 that corresponds to location 2506 on the map. When this selection is made, the map portion 2502 is updated to include additional information about the location such as the address of the location shown as detail bubble 2506 b.

The reverse interaction is also possible. For example, the user can select location 2506 in map portion 2502 and information bubble 2506 b can appear and element 2506 a can be highlighted in panel 2504.

Map portion 2502 can simultaneously include multiple different event types with different event-type visualizations. For example, water/flood notifications can be isolated and grouped according to the origination location. Temperature event identifiers 2514 a, 2514 b, and 2514 c represent temperature readings that satisfy a rule available to the user regarding temperature readings.

A fire is represented by fire icon 2516 and lightning by lightning icons 2518 a and 2518 b. As previously described, selecting any of these event identifiers allows the user to find out more about those events including discovering more about the events in panel 2504.

Events that have triggered a rule can be highlighted on the map. For example, details on the map connected to a particular event can be highlighted in the same distinct color on both the map and within panel 2504.

Events linked with OR operators (e.g., from rules where one or more conditions were linked with an OR logical operator) can be triggered as events occur (e.g., one at a time). On the other hand, AND events can trigger multiple events simultaneously (e.g., a shooting event and a riot event) because both event types are required in order for the rule to trigger.

Events that are triggered in conjunction with another event (e.g., AND connected conditions) may be visually linked together on the map (e.g., using a specific symbol, number, icon, etc.).

In some embodiments, the identifier on the map may also be selected to include a popover with a label indicating the rule name and/or rule area corresponding to the rule that was satisfied triggering the event detection.

An event listed in panel 2504 may also include an “Impacted Locations” section. For example, the “power outage” event (e.g., as shown in panel 2504) may also include a first specified number corresponding to the number of locations that are affected by the rule. For example, in the prior description, three retirement communities were affected by the power outage rule. Thus, a number “3” (not shown) may be presented in panel 2504 in association with the impacted assets if “retirement communities” were the configured locations.

If more than one location type is included within the rule, those counts may be aggregated or presented separately with a corresponding location type next to the count.

In another aspect, reports of certain types of signals are affected by the way the information is received from reporting entities. For example, public utilities (e.g., power providers) may provide data formatted as shapefile, radii, number of customers impacted, or other data types. In an example where a provider provides a shapefile and radius, the provided boundary can be used to identify the location of the event and corresponding coverage area.

In an example where a number of affected customers is provided, the system may perform a calculation such as using census for the affected zip code to derive population, then divide the population by the number of affected customers to get an impact percentage. The percentage can then be translated to a radius that extends from a centroid within the zip code to show the relative impact of the event. When a utility provides less useful information (or no information) a default radius can be applied.

In one aspect, a lat/long and number of impacted customers is received. Logic can be implemented using the number of affected customers to get a radius for “Impacted Locations.”

The way events are shown on map 2502 can also be configured such that all events are shown even if they don't fully match a rule. For example, if a user rule includes an AND operator combining two types of events (e.g., a fire and a power outage), map 2502 may be configured to show all fires even if there are no corresponding power outages required by a rule.

In other embodiments, events listed on map 2502 are only shown when a corresponding rule is satisfied. Thus, in the prior example, a fire may only be shown if a corresponding power outage also occurs to thereby satisfy the AND operator within the user rule.

Displaying events on map 2502 may also be configured based on event type such that some events are always shown even if a rule isn't triggered because an additional criterion has not yet been matched. For example, severe or important event types (e.g., fires, shootings, kidnappings, etc.) may always be shown even if another criterion is not met.

On the other hand, other types of events may not be shown unless a rule is satisfied. For example, a traffic jam may not be shown on the map unless a corresponding AND linked event (e.g., an EMS response) is also detected. In this way, important events can be shown without overwhelming a user with all types of events.

Interface 2500 may also be configured to highlight or otherwise distinguish events that have satisfied a rule from events that have not yet satisfied a rule. For example, all shootings may be shown on the map irrespective of whether they have triggered a more specific rule. However, a shooting within 1000 feet of a school may be emphasized on map 2502 if a particular rule requires only shootings within 100 feet of a school.

In another example, panel 2504 may group events belonging to triggered rules at the top of the list and place other events that have not triggered rules lower on the list. In this way, a user is able to see all events but can more easily recognize events that are of particular importance to them (e.g., based on the presence of a rule directed to those event criteria).

FIG. 26 shows an interface 2600 that includes a map portion 2602 (similar to the map portion 2502 from FIG. 25) along with an additional UI toolbar 2608. Within toolbar 2608 are custom parameters 2610 and layer controller 2612.

As previously described, custom parameters 2610 comprises tools that a user can use to create custom regions within map portion 2602 for different kinds of inspection. For example, the user may use the radius tool to select a sub-portion of map portion 2602 to see events identified within that sub-portion. Similar actions can be performed with the other custom region tools.

Layer controller 2612 allows the user to control the type of data layers that are applied and shown on map portion 2602. For example, using layer toggle 2614, the user can enable/disable information relating to AVL, Traffic, past events, precipitation, and sex offenders. In some embodiments each individual layer has its own layer toggle in addition to a category or source layer toggle. In this manner, the ability to show or hide specific layers or sub-layers can be individually controlled.

Interface 2600 also illustrates some additional data that may be presented within event stream panel 2616. For example, each event may include a visual indication 2618 of event truthfulness and a visual indication 2620 of event severity. In one embodiment, the truthfulness is a determined value that represents the degree to which the system believes the underlying signal(s) used to generate the event are reliable, accurate, truthful, complete, etc. For example, if the identification of the event “power outage” is based on information received directly from the power utility company, the visual indication 2618 may show a high truthfulness value because the power utility is likely to be a reliable source of information relating to a power outage event. On the other hand, if the signal used to generate the power outage event is from a social media source, the corresponding visualization 2618 is likely to be a lower value.

Truthfulness visualizations can be configured based on rules and machine learning data and can be dynamically updated as new information about an event is received.

As previously described, severity may be calculated using various data elements and may be updated or altered as new information is received and processed. For example, visual indication 2620 can indicate the severity of an event. While the term “medium” is used in the depicted embodiment, other methods can be used to visualize severity such as colors, sizes, numbers, etc.

Briefly referring back to FIG. 11, functionality described with respect to FIGS. 18-26 can be integrated into user interface 1111 and/or event notification 1116. Entity input 1149 can be used to define rules (including disjunctive or conjunctive operators). Defined rules can be included in preferences 1126. As such, event preference sets 1127 stored in event preferences database 1109 can include defined rules. Event notification 1116 can notify entities when an event or combination of events satisfies a defined rule.

Accordingly, a defined rule is similar to preferences (e.g., preferences 1126) entered through user interface 1111. A defined rule (including any logic operators) can be stored in a repository similar to event preferences database 1109. On an ongoing basis and/or as events are detected, event notification 1116 or another similar module can compare defined rules to combinations of one or more detected events. When a match is detected, event notification 1116 or the other similar module can send a notification in accordance with notification preferences (e.g., SMS, email, in app).

FIG. 27A depicts a computer architecture 2700 similar to computer architecture 100 described in conjunction with FIGS. 1A and 1B. As depicted, event notification 116 includes rules engine 2702 and event rendering component 2704.

As previously described, a user may generate rules for events they are interested in receiving notifications about. Computer architecture 2700 includes rules engine 2702, along with a corresponding configuration platform (e.g., user interfaces as previously described) to receive, store, and/or access user-generated rules.

In one embodiment, as event 135 is identified, the event can be moved to event notification 116. At this point, event notification 116 can consult rules engine 2702—including any user rules generated therein—to determine whether event 135 (possibly in combination with one or more other events) satisfies any rules. In the case that event 135 (in combination with any other events) does satisfy at least one user rule, event rendering component 2704 may function to generate and/or display the notification. As previously described, rendering event 135 may include sending a notification via SMS, email, MMS, push notification, or other means. In other embodiments, rendering may include causing the notification to be displayed at an app or other user device.

FIG. 27B depicts computer architecture 2700 including privacy infrastructure 102 (similar to FIG. 1C).

As depicted in FIG. 27B, privacy infrastructure 102 spans data ingestion modules 101, event detection infrastructure 103, and event notification 116. As such, privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: rules engine 2702 or event rendering 2704.

FIG. 28 depicts a computer architecture 2800 that includes signal ingestion modules 101, rules engine 2702, and event rendering 2704. Rules engine 2702 further includes rule builder UI 2802, comparator 2804, notification generator 2806, and rules 2808. As previously described in FIGS. 20A through 20I, rule builder UI 2802 may present a series of UI elements (e.g., in UI screens 2002A, 2002B, 2002C, 2002D, etc.) allowing a user to configure a user rule. The user rule can be configured to generate notifications when one or more (and possibly a plurality of) events matching the rule occur(s).

For example, rule builder UI 2802 may be utilized to generate rule 2810. Upon creation, rule 2810 may be stored in rules 2808, such as a database or other data structure. As depicted, rules 2808 is included within rules engine 2702; however, it is appreciated that rules engine 2702 may access rules 2808 through security layers, access control layers, or other mediating devices or structures such as the internet.

As described, event 135 can be identified from one or more normalized signals 122 and then passed through to the rules engine 2702. Comparator 2804 can compare characteristics of event 135 to rules 2808 to determine whether a rule, such as rule 2810, matches event 135.

Upon comparing characteristics of event 135 to rules 2808, comparator 2804 determines whether one or more rule conditions are satisfied. In the case a rule is satisfied, for example if event 135 matches rule 2810, comparator 2804 can pass the match 2812 to notification generator 2806 to generate an appropriate notification 2814 as per described user preferences.

Notification generator 2806 may utilize event rendering component 2704 to cause the notification events to be rendered (e.g., message sent, interface updated, etc.). For example, if a user has selected SMS notifications for rule 2810 (the rule that matched event 135), notification generator 2806 can cause an SMS notification to be sent to the user device designated within the rule (e.g., on its own, using event rendering component 2704, or using one or more other components).

In addition to providing the notification to a user, notification 2814 may also be sent to signal ingestion modules 101 as a (raw) signal for ingestion, processing, and event detection. For example, the act of sending a notification to a user may be of interest to one or more entities and, thus, generating notification 2814 may result in a different matched rule and a new notification (e.g., about the original notification) being sent to a different user/entity.

As depicted in FIG. 28, privacy infrastructure 102 spans data ingestion modules 101, rules engine 2702 (including rule builder UI 2802, comparator 2804, and notification generator 2806), and event rendering 2704. As such, privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: data ingestion modules 101, rules engine 2702, rule builder UI, comparator 2804, notification generator 2806, or event rendering 2704.

FIGS. 29A through 29E depict an architecture 2900 corresponding to one aspect of rules engine 2702. FIG. 29A depicts a collection of events, included in an event data stream 2902. Event data stream 2902 includes events 2904 through 2912 (e.g., similar in configuration to event 135). As previously described, such events may be detected through signal ingestion, normalization, and event detection. Events in event stream 2902, including events 2904 through 2912, may be received at different times or from different sources.

Architecture 2900 can also include one or more rule conditions, such as, rule condition 2914, rule condition 2916, etc. and one or more rules, such as, rule 2918, rule 2920, rule 2922, etc.

Rule conditions may be sub-elements and/or atomic elements of a rule. For example, rule 2918 may be composed by an entity using the previously described rule configuration interfaces (e.g., as described in FIGS. 20A through 20I). As depicted, rule 2918 includes the requirement for two event types, fire 2918 a and flood 2918 b, a timeframe 2918 c (10 minutes), and a distance 2918 d (3 km).

As previously explained, fire 2918 a and flood 2918 b may be combined according to an AND/OR operator such that, depending on the operator, either or both events must be present in order to satisfy the event type portion of the rule.

As depicted, fire 2918 a and flood 2918 b can be considered “rule conditions” within rule 2918. As depicted, rule condition 2914 includes the event type fire 2914 a, and rule condition 2916 includes the event type flood 2916 a.

In this way, rules can be composed of discrete rule conditions. In some embodiments, use of discrete rule conditions facilitates more efficient triggering of rules. For example, as described, an “event” may be indicative of a discrete type of activity that is occurring. Because of this, a “fire” may be detected separately from a “flood” even if they are happening at the same time within the same general location. That is, event detection may be configured to identify atomized events even within collections of concurrent events. These atomized events may then be configured to satisfy rules by satisfying rule conditions within those rules.

Rule conditions may also be tracked within a data structure that includes additional information about each rule condition. For example, rule condition 2914 includes an inverted list 2914 b that may include a reference to all rules that include that particular rule condition. For example, as depicted, rule condition 2914 “RC1” is linked to rules “RX; RY; RZ; . . . ” This means that the rules named “RX,” “RY,” and “RZ” each include a rule condition that matches rule condition 2914 for the event type of “Fire.”

Rule condition 2916 “RC2” includes event type 2916 a for a “Flood.” Rule condition 2916 also includes inverted listing 2916 b illustrating that rules “RX,” “RY,” and “RA” include the flood event type as at least one condition of the rule. (Rule RA is not expressly depicted in FIG. 29A.)

Rule conditions 2914 and 2916 also include entity information 2914 c and 2916 c, respectively. In some embodiments, it may be important to ensure that whatever underlying signal was used to detect an event is authorized for viewing by an entity that has picked the rule condition. As an example, an entity may provide signals into the signal ingestion engine for event detection such as detection of power outages within the entity's facilities. However, that entity may limit access to detected events to authorized users within the entity and not, for example, to a local fire department or power company.

Thus, if a fire department creates a rule that includes a rule condition for “power outages,” it may be necessary to ensure that events detected from the private entity signals (e.g., a private company) do not trigger the rule condition for the fire department (e.g., unauthorized entity).

As depicted, rule conditions 2914 and 2916 include such entity information. Upon detection of an event that satisfies a rule condition, entity information 2914 c and/or 2916 c can then be checked to determine whether the entity has access/authorization to the signal from which the event satisfying the rule condition was detected.

For example, a particular entity may be permitted to see events originating from (e.g., detected from) particular signal sources. Another entity may not be permitted to see events from the particular signal sources. As such, it may be necessary to include permissions information within a rule condition that can be checked to ensure that, in addition to the event type, time, location, etc., the entity that created the rule containing the rule condition is also permitted to view the events detected from the particular signal sources.

Rule condition 2914 is depicted with permissions 2914 c including permissions for entity “E01” and “E07,” (the ellipsis indicates that additional entities may also have permissions). Event 1 2904 is depicted as satisfying rule condition 2914 indicating that event 2904 is a “fire” event. Notably, depending on the embodiment, event 2904 may satisfy rule condition 2914 by virtue of being an event that satisfies the event-type fire 2914 a and may not, at least initially, consider entity information 2914 c.

However, in other embodiments, event 2904 may not be considered as meeting rule condition 2914 unless entity information 2914 c is also determined to be satisfied (e.g., by determining whether an entity listed within entity information 2914 c is authorized to see event 2904 based on the permissions applied to the signal used to detect event 2904). For example, if the entity that built the full rule that contained rule condition 2914 is listed within entity information 2914 c, the entity can be considered authorized to receive notifications that are based (at least in part) on rule condition 2914. On the other hand, if the entity is not listed in entity information 2914 c, the entity may not receive notifications even if all of the other elements of rule condition 2914 are satisfied.

As used within the examples of FIGS. 29A through 29E, entity information 2914 c and 2916 c can also be accessed during other processes (e.g., notification generation) to verify that an entity is authorized to receive an event notification.

As depicted, Rules 2918, 2920, and 2922 represent “full” rules (e.g., rules configured by an entity). Rule 2918 includes event type fire 2918 a, event type flood 2918 b, time window 2918 c, and distance 2918 d. As can be appreciated from previous description, rule 2918 may indicate a rule that requires a fire AND/OR a flood, within 10 minutes of each other, and within 3 kilometers of each other. Rule 2920 requires a fire AND/OR flood within Utah (no timeframe condition is provided). Rule 2922 requires a fire event to occur in Utah two times within 12 hours.

FIG. 29A depicts numerous example paths between events 2902, rule conditions 2914 and 2916, and rules 2918, 2920, and 2922. For example, event 2904 can be identified as a fire, event 2906 can be identified as a flood, event 2908 can be identified as a fire, event 2910 can be identified as an event other than a flood or a fire, and event 2912 can be identified as a flood.

Rule condition 2914 includes inverted listing 2914 b depicting how rules 2918, 2920, and 2922 are linked to or associated with rule condition 2914. Rule condition 2916 includes inverted listing 2916 b indicating that rules 2918, 2920, and Rule RA (not depicted) are linked to rule condition 2916.

Connection lines illustrate relationships between the data stored within inverted listings 2914 b and 2916 b. For example, fire event type 2918 a is related to inverted listing 2914 b, flood event type 2918 b is linked to inverted listing 2916 b, and so forth. These referential elements allow the rules engine to determine which full rules rely on which rule conditions such that when a rule condition is satisfied all full rules that include that specific rule condition can be more easily identified.

Based at least in part on placing full rules within inverted listings in rule conditions, received events can be accumulated over time and used to determine whether a full rule has been triggered.

Moving to FIG. 29B, matching table 2924 is depicted. Entries within matching table 2924 are depicted with connecting lines that conceptually depict relationships among rules 2918, 2920, and 2922 and entries within the table. Matching table 2924 may allow tracking of detected events that match rule conditions over time.

In one example depicted in FIGS. 29A and 29B, event 2904 “Event 1” is depicted as satisfying event type 2914 a of rule condition 2914 (as shown using the arrow connecting event 2904 and event type 2914 a). Once this connection has been determined, inverted listing 2914 b can be used to determine that rules 2918, 2920, and 2922 each include rule condition 2914 within their full rule. Thus, using the inverted listing within the rule condition 2914 allows event 2904 to be associated with the full rules 2918, 2920, and 2922 through the rule condition. It is appreciated, however, that while event 2904 may be associated with the full rules, it may not fully satisfy any rule because rules may contain more than one rule condition.

Based on satisfaction of rule condition 2914, and determining that rules 2918, 2920, and 2922 include rule condition 2914, associated entries can be made in matching table 2924. For example, entries 2924 a, 2924 b, and 2924 c can be made within matching table 2924 and include an entry for each respective rule (i.e., “RX,” “RY,” and “RZ”), the rule condition that was met (i.e., “RC1”) and the event that met the rule condition (i.e., “E1”).

Once matching table 2924 has been updated, the new entries can be referenced over time to determine whether rule conditions for a rule have been met.

Assume for the sake of illustration that rule 2918 and rule 2920 each require an AND operation to connect their event type conditions. At a point in time, event 2904 is detected. As depicted, event 2904 satisfies rule condition 2914 for being a “fire.” Using inverted table 2914 b, the rules engine can identify that rule condition 2914 is included within rules 2918, 2920, and 2922. However, event 2904 alone cannot fully satisfy rule 2918 or 2920, and one occurrence of a fire is insufficient to satisfy rule 2922. As such, event 2904 may not, on its own, trigger any rule notifications.

The occurrence of event 2904 can then be stored in matching table 2924 along with the rules that include the satisfied rule condition and an identifier of the event. As depicted, entries 2924 a, 2924 b, and 2924 c indicate that the identified rules “RX,” “RY,” and “RZ” have satisfied a rule condition “RC1” according to event “E1.”

At another point in time, event 2906 is detected. As depicted, event 2906 satisfies rule condition 2916 for being a “flood.” Using inverted table 2916 b, the rules engine can then identify that rule condition 2916 is included within rules 2918 and 2920. However, event 2906 alone cannot fully satisfy rule 2918 or 2920. As such, event 2904 may not, on its own, trigger any rule notifications.

The occurrence of event 2906 can then be stored in matching table 2924 along with the rules that include the satisfied rule condition and an identifier of the event. As illustrated, entries 2924 d and 2924 e indicate that the identified rules “RX” and “RY” have satisfied a rule condition “RC2” according to event “E2.”

Subsequently, a rules engine may check to determine whether the satisfaction of rule condition 2914 and rule condition 2916 is sufficient to satisfy one or more full rules, such as, 2918, 2920, and/or 2922. For example, the rules engine 2702 may determine whether event 2904 and event 2906 occurred within 10 minutes of each other and within 3 km of each other to satisfy rule 2918, or whether events 2904 and 2906 both occurred within Utah. Rules engine 2702 may also determine whether rule 2922 is satisfied by having at least two fire events detected within Utah within a 12-hour time window.

In a scenario where an affirmative determination has been made (i.e., satisfaction of a full rule), rules engine 2702 may generate a notification. If no affirmative determination is made, a notification is not generated. For example, it may be that events 2904 and 2906 did not fully satisfy parameters of rules 2918, 2920, or 2922. As such, no notification is generated. However, matching table 2924 is maintained. Additional events can be used for partial matches and to determine if accumulated events satisfy conditions of any full rules.

At a third time, event 2908 is detected. As depicted in FIG. 29A, event 2908 is also a fire. As such, event 2908 satisfies rule condition 2914 which is linked to rules 2918, 2920, and 2922. The occurrence of event 2908 and satisfaction of rule condition 2914 for the three full rules are then logged in the manner previously described as entries 2924 f, 2924 g, and 2924 h within matching table 2924.

As described, after any new event (and corresponding rule conditions and associated rules) is logged in matching table 2924, rules engine 2702 may again check to see if any full rule is now satisfied based on entries in table 2924.

As depicted, with the occurrence of the second fire event (event 2908), rule 2922 is fully satisfied (two fires within Utah within 12 hours). In addition to sending the match to rule notification, an entry 2924 i can be entered into matching table 2924 indicating that full rule 2922 has been satisfied. As such, matching table 2924 can track both the satisfaction of partial rules (i.e., rule conditions) and also the satisfaction of complete rules. Thus, rules engine 2702 may also be able to track more complex rules, for example rules that are triggered upon the occurrence of one or more full rules. For example, another rule may exist that is triggered when a different full rule has been triggered a certain number of times within a certain timeframe. In a scenario where the different full rule contains multiple rule conditions, this arrangement (a rule dependent on satisfaction of another rule) can simplify checking for rule satisfaction using rule or rule condition nesting.

At a fourth time, event 2910 is detected. Event 2910 is not associated with either rule condition 2914 or 2916. In some embodiments, the occurrence of event 2910 may be ignored by the rules engine because no current rules include rule conditions that are interested in an event type of event 2910.

In other embodiments, event 2910 may be logged in matching table 2924. However, additional information relating to a satisfied rule condition or full rule is omitted, as depicted in entry 2924 j. In some embodiments, as new rules are created, rule conditions may be retroactively applied across entries within matching table 2924.

At a further time, event 2912 is detected. As depicted, event 2912 is a flood that may be linked to rule condition 2916 (a rule condition within at least rules 2918 and 2920). Entries 2924 k and 2924 m may consequently be logged in matching table 2924 to reflect the occurrence of the flood event.

Additionally, as described, rules engine 2702 may determine whether the event 2912, in addition to the prior logged events, cumulatively now satisfy any full rules. Rules engine 2702 may then generate notifications when a match is determined, and a new entry may be made within match table 2924 logging the full rule match.

FIG. 29C depicts the matching of rule 2920 using matching table 2924. As depicted, full rule 2920 includes rule conditions for event types of “fire” and “flood.” In the depicted example, an AND operator is used to combine the event types. The rule additionally includes the location of “Utah” such that a fire and flood occurring within Utah satisfy rule 2920.

Within matching table 2924, rule condition 2920 a is logged as being satisfied with entry 2924 b indicating the satisfaction of rule condition “RC1” (2914) within rule “RY” by event “E1” (2904), as previously described.

Rule condition 2920 b is logged as being satisfied at entry 2924 e upon the occurrence of event “E2” (2906). As can be appreciated, event E1 and event E2 should be assumed to have occurred within the designated location (Utah).

Upon determining that rule 2920 has been satisfied, rules engine 2702 may send the match to notification generator 2802 (previously described) that can then generate and send notification 2926 to event rendering 2704 for presentation at a user device (e.g., an SMS, email, in-app notification, etc.).

FIG. 29D depicts satisfaction of rule 2918 using matching table 2924. As depicted, rule 2918 includes the requirements for event types of “fire” (2918 a) AND “flood” (2918 b) that occur within 10 minutes of each other (2918 c) and within 3 km of each other (2918 d). In some embodiments, time windows and location requirements are treated as AND operations by default. In other embodiments, a user may be able to configure the way in which these parameters are considered matches. For the sake of the present examples, the time windows and locations are combined with the event types with AND operators.

As depicted, it is the occurrence of events “E2” (2906) and “E3” (2908) that satisfy rule 2918. The order of satisfaction of rule conditions is flexible such that rule condition “RC2” (2916) can be satisfied prior to rule condition “RC1” (2914) (or vice versa).

From entries within rule table 2924, the combination of event “E1” (2904) and event “E2” (2906) did not satisfy rule condition 2918 even though they represent both the fire and flood events. It may be that the events did not occur within 10 minutes of each other (e.g., event “E2” occurred more than 10 minutes after event “E1”) or the events occurred more than 3 km from each other.

On the other hand, another fire event, event “E3” (2908), may have occurred within 10 minutes of event “E2” (2906) and within 3 km of event “E2.” As such, rules engine 2702 may determine that rule 2918 has been satisfied and trigger notification generator 2802 to generate and send notification 2928 to event rendering 2704 for presentation to a user.

FIG. 29E depicts satisfaction of rule 2922 using matching table 2924. As depicted, full rule 2922 includes only one event type rule condition for a “fire” (2922 a). However, full rule 2922 also indicates that notification should only occur when the event type condition occurs in Utah (2922 b), twice (2922 c), and within a 12-hour period (2922 d). As depicted, it is the combination of the occurrence of event “E1” (2904) satisfying rule condition “RC1” (2914), along with the occurrence of event “E3” (2908) also satisfying rule condition “RC1,” that contribute to the satisfaction of full rule 2922.

In some aspects, with respect to the examples of FIGS. 29C, 29D, and 29E, entity permissions may be checked and verified at any of several points within the system. For example, rules engine 2702 may check permissions after determining the match to a full rule but prior to sending the match to notification generator 2802. In other embodiments, notification generator 2802 may be configured to check for permissions prior to actually generating a notification (e.g., notification 2930) and sending it to the user device. As described, checking permissions may be enabled by checking an embedded source identifier associated with the signal source that was a basis for detecting an event. In some embodiments, this source identifier may be passed along with the signal and events derived from the signals by appending metadata to those elements.

The appended metadata may then be checked against another table (not shown) that associates source identifiers with entity identifiers allowed to access, see, or otherwise receive notifications about events linked to that source identifier.

Thus, within the examples of FIGS. 29A through 29E, some embodiments may enforce authorization checking at any of several locations between receiving the events 2902 and sending notifications to an entity device.
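The following sketch, an added example that is not code from the patent, models the inverted lists, the matching table, and the source-to-entity permission table described above, using the embodiment in which authorization is checked before a partial match is logged. The class names, source identifiers, rule owners, and sample events are assumptions; the two rules are modelled on “RY” (fire AND flood in Utah) and “RZ” (two fires in Utah within 12 hours), and the distance parameter is omitted.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    event_id: str
    event_type: str
    minute: int      # detection time in minutes; events assumed to arrive in time order
    region: str
    source_id: str   # source identifier carried as metadata from the originating signal


@dataclass(frozen=True)
class Rule:
    rule_id: str
    owner: str                        # entity that built the full rule (assumed)
    needs: tuple                      # ((rule_condition_id, required_count), ...), ANDed
    region: str
    window_min: Optional[int] = None  # None means no timeframe condition


class RulesEngine:
    def __init__(self, conditions, rules, source_acl):
        self.conditions = conditions   # rule condition id -> event type
        self.rules = {r.rule_id: r for r in rules}
        self.source_acl = source_acl   # source id -> entity ids allowed to see its events
        # Inverted list: rule condition id -> ids of the full rules that contain it.
        self.inverted = {rc: [r.rule_id for r in rules if rc in dict(r.needs)]
                         for rc in conditions}
        self.table = []                # matching table rows: (rule_id, rc_id, event)

    def authorized(self, entity, event):
        # Deny by default: a source missing from the table is visible to no entity.
        return entity in self.source_acl.get(event.source_id, frozenset())

    def ingest(self, event):
        """Log partial matches for one event; return [(rule_id, owner, event_ids)]."""
        notifications = []
        for rc_id, event_type in self.conditions.items():
            if event_type != event.event_type:
                continue
            for rule_id in self.inverted[rc_id]:
                rule = self.rules[rule_id]
                if event.region != rule.region:
                    continue
                if not self.authorized(rule.owner, event):
                    continue  # never logged, so it cannot count toward this owner's rule
                self.table.append((rule_id, rc_id, event))
                matched = self._full_match(rule, event)
                if matched:
                    notifications.append((rule_id, rule.owner, matched))
        return notifications

    def _full_match(self, rule, newest):
        used = []
        for rc_id, count in rule.needs:
            hits = [e for (rid, rc, e) in self.table
                    if rid == rule.rule_id and rc == rc_id
                    and (rule.window_min is None
                         or 0 <= newest.minute - e.minute <= rule.window_min)]
            if len(hits) < count:
                return None
            used.extend(hits[-count:])   # most recent events for this condition
        return tuple(sorted(e.event_id for e in used))


# Constructed sample data; only the RC/RY/RZ/E01/E07 labels echo the figures.
CONDITIONS = {"RC1": "fire", "RC2": "flood"}
RULES = [
    Rule("RY", owner="E07", needs=(("RC1", 1), ("RC2", 1)), region="Utah"),
    Rule("RZ", owner="E01", needs=(("RC1", 2),), region="Utah", window_min=720),
]
SOURCE_ACL = {"public-feed": frozenset({"E01", "E07"}),
              "private-corp": frozenset({"E07"})}
EVENTS = [
    Event("E1", "fire", 0, "Utah", "public-feed"),
    Event("E2", "flood", 30, "Utah", "public-feed"),
    Event("E3", "fire", 40, "Utah", "private-corp"),  # E01 may not see this source
    Event("E4", "fire", 100, "Utah", "public-feed"),
]


def run_demo():
    engine = RulesEngine(CONDITIONS, RULES, SOURCE_ACL)
    return {e.event_id: engine.ingest(e) for e in EVENTS}


if __name__ == "__main__":
    for event_id, notes in run_demo().items():
        print(event_id, notes)
```

Without the `authorized` check, the private-source fire E3 would complete rule RZ for entity E01; with it, RZ is satisfied only once a second fire arrives from a source E01 is permitted to see.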

As depicted in FIGS. 29C-29E, privacy infrastructure 102 spans event rendering 2704 and notification generator 2802. As such, privacy infrastructure 102 can implement and/or apply any described data privacy operations, such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., at and/or through interoperation with any of: event rendering 2704 or notification generator 2802.

Moving now to FIG. 30, a method 3000 for generating notifications based on events matching user rules is depicted. Method 3000 includes receiving a selection of a combination of one or more event types for monitoring (3002). For example, a user may select one or more event types within parameter selection area 2010 as illustrated in FIG. 20B. Method 3000 includes receiving a selection of one or more location types (3004). For example, the user selects one or more locations of interest in parameter selection area 2010 as illustrated in FIG. 20C.

Method 3000 includes receiving a boundary associated with a selected location type (3006). For example, as described in FIG. 20C, the boundary may be associated with particular locations of particular location types (e.g., hospitals, schools, airports, etc.). In some embodiments, the boundary may be the precise physical boundary defining a location. In other embodiments, the boundary may include additional area surrounding the location. For example, a radial boundary may be established with the selected location at the center. In other scenarios, the boundary may be established based on other characteristics near a location (e.g., major roads, other location types, jurisdictional boundaries, etc.).

In some embodiments, the boundary for one instance of a location type may differ from another instance of the same location type. Similarly, instances of a particular location type may have a preset boundary that differs from one or more boundaries associated with other location types. For example, the boundary around schools may be greater than the boundary around restaurants. As another example, the boundary around a school within a particular zip code may be different than the boundary around a different school in a different zip code. Thus, boundaries may be associated with locations in various ways depending on user preferences.

Method 3000 includes receiving an area to monitor for a combination of one or more event types (3008). As described in FIG. 20D through FIG. 20G, a boundary may be selected as either a pre-defined area or a custom area (FIG. 20D). In the case of selecting pre-defined areas, the user may select boundaries defined by geographic concepts such as countries, states, counties, cities, or the like (FIG. 20E). In some embodiments, boundaries may define regions that include multiple individual geographic elements (e.g., the “south-western United States” or “Northern California”). As depicted in FIG. 20G, a user may also set boundaries using drawing tools, such as drawing tools 2044.

Method 3000 includes combining the combination of the one or more event types, the one or more location types, the boundary, and the area into a rule formula (3010). For example, as described, a formulaic representation of the user-configured rule may be generated. It is appreciated that although a formula may be created, a user may not necessarily see or interact with the underlying formula. Instead, for example, a user may see their rule formula within a user interface such as UI 2000 as shown within FIGS. 20A through 20I. More specifically, a user may see the rule parameters along with rule operators (e.g., AND/OR) in a visual form rather than in a formula form.

Method 3000 includes associating notification preferences with the defined rule (3012). For example, notification parameters configured by the user in interface 2002H of FIG. 20H may be associated with the defined rule. As described within FIGS. 29A through 29E, the designation of one or more event types, locations, time windows, boundaries, distances, etc., can be used to formulate a full rule such as rules 2918, 2920, and/or 2922. Depending on the type of operators selected by the user during rule creation, the generated rules can be satisfied by corresponding combinations of rule conditions such as rule condition 2914 and/or rule condition 2916. It is appreciated that vast numbers of rule conditions are possible and that virtually limitless unique full rules are possible.

Method 3000 includes detecting one or more events (3014). For example, an event may be processed through an architecture such as architecture 2700 that includes ingesting signals through signal ingestion modules 101. These signals are then processed into normalized signals 122 and passed to an event detection infrastructure 103. An event 135 may eventually be identified and passed to Rules Engine 2702 for processing (as described in conjunction with FIG. 28). As described in FIG. 29A, normalized events can be processed and matched against rule conditions (e.g., rule conditions 2914 and/or 2916) to determine whether they contribute to full rules (e.g., full rules 2918, 2920, and/or 2922).

Method 3000 includes comparing one or more events to the rule formula (3016). As previously described, the rule formula can be represented as a combination of discrete rule conditions. Characteristics of the normalized event can then be compared to the rule conditions to determine a match. For example, as shown in FIG. 28 (and/or FIG. 29C, 29D, or 29E), event 135 is compared to rules 2808 at comparator 2804 to determine whether any rules match the event.

In some aspects, method 3000 also includes one or more privacy operations. Privacy infrastructure 102 can implement and/or apply any described data privacy operations (possibly through interoperation with modules included in one or more of: data ingestion modules 101, event detection infrastructure 103, event notification 116, rules engine 2702, rule builder UI 2802, comparator 2804, notification generator 1806, or event rendering 2704) such as, user information removal, user information scrubbing, user information stripping, user information obfuscation, access rule application, etc., prior to, during, or after any of: 3002, 3004, 3006, 3008, 3010, 3012, 3014, or 3016.

The present described aspects may be implemented in other specific forms without departing from its spirit or essential characteristics. The described aspects are to be considered in all respects only as illustrative and not restrictive. The scope is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.

What is claimed:
 1. A method comprising: receiving an indication of a location type, a boundary geometry, a user event truthfulness preference, a first event type, and a second event type; receiving an indication of an area including a first location of the location type and a second location of the location type; combining the location type, the boundary geometry, the area, the user event truthfulness preference, the first event type, and the second event type, into a rule formula; monitoring the area for events occurring within a first boundary surrounding the first location or occurring within a second boundary surrounding the second location, the first boundary and the second boundary defined in accordance with the boundary geometry; accessing first event characteristics including a first event type and a first event truthfulness corresponding to a first detected event; identifying user information contained within the first event characteristics; applying a data privacy operation to the user information; accessing second event characteristics including a second event type and a second event truthfulness corresponding to a second detected event; determining that a combination of the first characteristics and the second characteristics satisfy the rule formula subsequent to applying the data privacy operation, including determining that the first event type and the second event type occurred in combination within the first boundary and that the first event truthfulness and the second event truthfulness both satisfy the user event truthfulness preference; and automatically electronically notifying an entity in accordance with notification preferences that the rule formula was satisfied.